Researchers Uncover UEFI Vulnerability Affecting Multiple Intel CPUs

Cybersecurity researchers have disclosed details of a now-patched security flaw in Phoenix SecureCore UEFI firmware that affects multiple families of Intel Core desktop and mobile processors.

Tracked as CVE-2024-0762 (CVSS score: 7.5), the "UEFIcanhazbufferoverflow" vulnerability has been described as a case of a buffer overflow stemming from the use of an unsafe variable in the Trusted Platform Module (TPM) configuration that could result in the execution of malicious code.

Following responsible disclosure, the vulnerability was addressed by Phoenix Technologies in April 2024. The fact that UEFI is the first code that's run with the highest privileges has made it a lucrative target for threat actors looking to deploy bootkits and firmware implants that can subvert security mechanisms and maintain persistence without being detected.

The development comes nearly a month after the company disclosed a similar unpatched buffer overflow flaw in HP's implementation of UEFI that impacts HP ProBook 11 EE G1, a device that reached end-of-life (EoL) status as of September 2020. 

It also follows the disclosure of a software attack called TPM GPIO Reset that could be exploited by attackers to access secrets stored on disk by other operating systems or undermine controls that are protected by the TPM such as disk encryption or boot protections.

Reference: Hacker news.