UEFIcanhazbufferoverflow Flaw In Intel Processors Impacts 100s of PCs & Servers

The Phoenix SecureCore UEFI firmware has chanced on a brand contemporary vulnerability, which runs on several Intel Core Desktop and mobile processors.

This vulnerability has been assigned CVE-2024-0762, and its severity has been given as 7.5 (High).

This was once before all the pieces identified on Lenovo ThinkPad X1 Carbon 7th Gen and X1 Yoga 4th Gen, which makes employ of potentially the most modern Lenovo BIOS updates, but later, Phoenix Applied sciences took accountability to reach forward and acknowledge the same concerns exist on more than one versions of their more than one versions of SecureCore firmware.

UEFIcanhazbufferoverflow Flaw

In maintaining with the reports shared with Cyber Security News, this vulnerability exists on more than one Intel processor families and more than one generations of Intel core Processors, along with AlderLake, CoffeeLake, CometLake, IceLake, JasperLake, KabyLake, MeteorLake, RaptorLake, RocketLake, and TigerLake.

These processors are prone by a huge need of OEMs (customary gear producers) and ODMs (Usual Set apart Producers).

Extra, the same vulnerability also affects several distributors, affecting a total bunch of PC products that depend upon Phoenix SecureCore UEFI firmware.

Then yet again, this vulnerability permits a native risk actor to raise their privileges and attain far away code accurate via the UEFI firmware accurate via runtime.

The vulnerability lies in the UEFI code handling TPM (Transform Platform Module) configuration, leading to buffer overflow and malicious code execution.

The different of exploiting this vulnerability relies on the configuration and permission assigned to the TCG2_CONFIGURATION variable, which is assorted on every platform.

On the other hand, this vulnerability will doubtless be exploited equally to firmware backdoors, which are widely prone by risk actors.

If risk actors could per chance exploit this vulnerability and plant a backdoor on prone units, it will enable them to evade safety measures that creep on the working machine and instrument layers.

Extra, manipulating runtime code could per chance expand the wretchedness of detecting these attacks.

Vulnerability Diagnosis

The module that has been identified as prone was once GUID: E6A7A1CE-5881-4B49-80BE-69C91811685C.

Two calls are made to GetVariable with the “TCG2_CONFIGURATION” argument and the same DataSize that does now not enjoy sufficient checks.

If a risk actor attacks the TCG2_CONFIGURATION by manipulating the associated payment, it will allow them to set apart it to a cost for longer sessions.

Extra, the first name to GetVariable returns EFI_BUFFER_TOO_SMALL, and the data_size is set apart to the scale of the UEFI variable.

The 2d name permits them to overflow the buffer efficiently, at final leading to stack buffer overflow.

Users of these firmware versions are told to enhance their seller-issued patches to patch this vulnerability.