Lucene search

PhoenixCVELIST:CVE-2024-1598

HistoryMay 14, 2024 - 2:56 p.m.

CVE-2024-1598 Potential buffer overflow when handling UEFI variables

2024-05-1414:56:38

Phoenix

www.cve.org

buffer overflow

uefi

phoenix securecore™

intel gemini lake

7.5 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

9.1%

JSON

Potential buffer overflow
in unsafe UEFI variable handling

in Phoenix SecureCore™ for Intel Gemini Lake.This issue affects:

SecureCore™ for Intel Gemini Lake: from 4.1.0.1 before 4.1.0.567.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SecureCore™ for Intel Gemini Lake",
    "vendor": "Phoenix",
    "versions": [
      {
        "lessThan": "4.1.0.567",
        "status": "affected",
        "version": "4.1.0.1",
        "versionType": "custom"
      }
    ]
  }
]

References

www.phoenix.com/security-notifications/cve-2024-1598/

7.5 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVELIST:CVE-2024-1598