Phoenix UEFI vulnerability impacts hundreds of Intel PC models
A newly discovered vulnerability in Phoenix SecureCore UEFI firmware tracked as CVE-2024-0762 impacts devices running numerous Intel CPUs, with Lenovo already releasing new firmware updates to resolve the flaw.
Due to the large number of Intel CPUs using this firmware, the vulnerability has the potential to impact hundreds of models from Lenovo, Dell, Acer, and HP. UEFI firmware is considered more secure as it includes Secure Boot, which is supported by all modern operating systems, including Windows, macOS, and Linux.
Bootkits are malware that loads very early in the UEFI boot process, giving the malicious programs low-level access to the operation and making them very difficult to detect, as we saw with the BlackLotus, CosmicStrand, and MosaicRegressor UEFI malware.
Eclypsium says the bug they found is a buffer overflow within the System Management Mode (SMM) subsystem of Phoenix SecureCore firmware, allowing attackers to potentially overwrite adjacent memory.
"To be clear, this vulnerability lies in the UEFI code handling TPM configuration - in other words, it doesn't matter if you have a security chip like a TPM if the underlying code is flawed."
In April, Phoenix issued an advisory and Lenovo began releasing new firmware in May to resolve the vulnerabilities in over 150 different models.