CVE-2024-0762

Summary

Potential buffer overflow in unsafe UEFI variable handling

in Phoenix SecureCore™ for select Intel platforms

This issue affects:

Phoenix

SecureCore™ for Intel Kaby Lake: from 4.0.1.1 before 4.0.1.998;

Phoenix

SecureCore™ for Intel Coffee Lake: from 4.1.0.1 before 4.1.0.562;

Phoenix

SecureCore™ for Intel Ice Lake: from 4.2.0.1 before 4.2.0.323;

Phoenix

SecureCore™ for Intel Comet Lake: from 4.2.1.1 before 4.2.1.287;

Phoenix

SecureCore™ for Intel Tiger Lake: from 4.3.0.1 before 4.3.0.236;

Phoenix

SecureCore™ for Intel Jasper Lake: from 4.3.1.1 before 4.3.1.184;

Phoenix

SecureCore™ for Intel Alder Lake: from 4.4.0.1 before 4.4.0.269;

Phoenix

SecureCore™ for Intel Raptor Lake: from 4.5.0.1 before 4.5.0.218;

Phoenix

SecureCore™ for Intel Meteor Lake: from 4.5.1.1 before 4.5.1.15.

Affected Software

VendorProductVersion RangeStatus
PhoenixSecureCore™ for Intel Kaby Lake4.0.1.1 < 4.0.1.998affected
PhoenixSecureCore™ for Intel Coffee Lake4.1.0.1 < 4.1.0.562affected
PhoenixSecureCore™ for Intel Ice Lake4.2.0.1 < 4.2.0.323affected
PhoenixSecureCore™ for Intel Comet Lake4.2.1.1 < 4.2.1.287affected
PhoenixSecureCore™ for Intel Tiger Lake4.3.0.1 < 4.3.0.236affected
PhoenixSecureCore™ for Intel Jasper Lake4.3.1.1 < 4.3.1.184affected
PhoenixSecureCore™ for Intel Alder Lake4.4.0.1 < 4.4.0.269affected
PhoenixSecureCore™ for Intel Raptor Lake4.5.0.1 < 4.5.0.218affected
PhoenixSecureCore™ for Intel Meteor Lake4.5.1.1 < 4.5.1.15affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References