CVE-2024-0762 - Vulnerability Details

Potential buffer overflow in unsafe UEFI variable handling in Phoenix SecureCore™ for select Intel platforms This issue affects: Phoenix SecureCore™ for Intel Kaby Lake: from 4.0.1.1 before 4.0.1.998; Phoenix SecureCore™ for Intel Coffee Lake: from 4.1.0.1 before 4.1.0.562; Phoenix SecureCore™ for Intel Ice Lake: from 4.2.0.1 before 4.2.0.323; Phoenix SecureCore™ for Intel Comet Lake: from 4.2.1.1 before 4.2.1.287; Phoenix SecureCore™ for Intel Tiger Lake: from 4.3.0.1 before 4.3.0.236; Phoenix SecureCore™ for Intel Jasper Lake: from 4.3.1.1 before 4.3.1.184; Phoenix SecureCore™ for Intel Alder Lake: from 4.4.0.1 before 4.4.0.269; Phoenix SecureCore™ for Intel Raptor Lake: from 4.5.0.1 before 4.5.0.218; Phoenix SecureCore™ for Intel Meteor Lake: from 4.5.1.1 before 4.5.1.15.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Phoenix	Securecore Technology

No data.

References

Link	Providers
https://eclypsium.com/blog/ueficanhazbufferoverflow-widespread-impact-from-vulnerability-in-popular-pc-and-server-firmware/
https://news.ycombinator.com/item?id=40747852
https://www.phoenix.com/security-notifications/cve-2024-0762/

History

Thu, 20 Mar 2025 14:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-120

Thu, 13 Feb 2025 18:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Phoenix Phoenix securecore Technology
CPEs		cpe:2.3:a:phoenix:securecore_technology:4.0.1.1:::::::* cpe:2.3:a:phoenix:securecore_technology:4.1.0.1:::::::* cpe:2.3:a:phoenix:securecore_technology:4.2.0.1:::::::* cpe:2.3:a:phoenix:securecore_technology:4.2.1.1:::::::* cpe:2.3:a:phoenix:securecore_technology:4.3.0.1:::::::* cpe:2.3:a:phoenix:securecore_technology:4.3.1.1:::::::* cpe:2.3:a:phoenix:securecore_technology:4.4.0.1:::::::* cpe:2.3:a:phoenix:securecore_technology:4.5.0.1:::::::* cpe:2.3:a:phoenix:securecore_technology:4.5.1.1:::::::*
Vendors & Products		Phoenix Phoenix securecore Technology
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Thu, 13 Feb 2025 17:30:00 +0000

Type	Values Removed	Values Added
Description	Potential buffer overflow in unsafe UEFI variable handling in Phoenix SecureCore™ for select Intel platforms This issue affects: Phoenix SecureCore™ for Intel Kaby Lake: from 4.0.1.1 before 4.0.1.998; Phoenix SecureCore™ for Intel Coffee Lake: from 4.1.0.1 before 4.1.0.562; Phoenix SecureCore™ for Intel Ice Lake: from 4.2.0.1 before 4.2.0.323; Phoenix SecureCore™ for Intel Comet Lake: from 4.2.1.1 before 4.2.1.287; Phoenix SecureCore™ for Intel Tiger Lake: from 4.3.0.1 before 4.3.0.236; Phoenix SecureCore™ for Intel Jasper Lake: from 4.3.1.1 before 4.3.1.184; Phoenix SecureCore™ for Intel Alder Lake: from 4.4.0.1 before 4.4.0.269; Phoenix SecureCore™ for Intel Raptor Lake: from 4.5.0.1 before 4.5.0.218; Phoenix SecureCore™ for Intel Meteor Lake: from 4.5.1.1 before 4.5.1.15.	Potential buffer overflow in unsafe UEFI variable handling in Phoenix SecureCore™ for select Intel platforms This issue affects: Phoenix SecureCore™ for Intel Kaby Lake: from 4.0.1.1 before 4.0.1.998; Phoenix SecureCore™ for Intel Coffee Lake: from 4.1.0.1 before 4.1.0.562; Phoenix SecureCore™ for Intel Ice Lake: from 4.2.0.1 before 4.2.0.323; Phoenix SecureCore™ for Intel Comet Lake: from 4.2.1.1 before 4.2.1.287; Phoenix SecureCore™ for Intel Tiger Lake: from 4.3.0.1 before 4.3.0.236; Phoenix SecureCore™ for Intel Jasper Lake: from 4.3.1.1 before 4.3.1.184; Phoenix SecureCore™ for Intel Alder Lake: from 4.4.0.1 before 4.4.0.269; Phoenix SecureCore™ for Intel Raptor Lake: from 4.5.0.1 before 4.5.0.218; Phoenix SecureCore™ for Intel Meteor Lake: from 4.5.1.1 before 4.5.1.15.

MITRE

Status: PUBLISHED

Assigner: Phoenix

Published: 2024-05-14T14:56:25.578Z

Updated: 2025-03-20T13:37:52.909Z

Reserved: 2024-01-19T20:40:59.164Z

Link: CVE-2024-0762

Vulnrichment

Updated: 2024-08-01T18:18:17.893Z

NVD

Status : Awaiting Analysis

Published: 2024-05-14T16:15:53.287

Modified: 2025-03-20T14:15:16.470

Link: CVE-2024-0762

Redhat

No data.

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object