PhoenixVULNRICHMENT:CVE-2024-0762CVE-2024-0762 Potential buffer overflow when handling UEFI variables
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
15.6%
SSVC
Exploitation
none
Automatable
no
Technical Impact
total
Potential buffer overflow
in unsafe UEFI variable handling
in Phoenix SecureCore™ for select Intel platforms
This issue affects:
Phoenix
SecureCore™ for Intel Kaby Lake: from 4.0.1.1 before 4.0.1.998;
Phoenix
SecureCore™ for Intel Coffee Lake: from 4.1.0.1 before 4.1.0.562;
Phoenix
SecureCore™ for Intel Ice Lake: from 4.2.0.1 before 4.2.0.323;
Phoenix
SecureCore™ for Intel Comet Lake: from 4.2.1.1 before 4.2.1.287;
Phoenix
SecureCore™ for Intel Tiger Lake: from 4.3.0.1 before 4.3.0.236;
Phoenix
SecureCore™ for Intel Jasper Lake: from 4.3.1.1 before 4.3.1.184;
Phoenix
SecureCore™ for Intel Alder Lake: from 4.4.0.1 before 4.4.0.269;
Phoenix
SecureCore™ for Intel Raptor Lake: from 4.5.0.1 before 4.5.0.218;
Phoenix
SecureCore™ for Intel Meteor Lake: from 4.5.1.1 before 4.5.1.15.
ADP Affected
[
{
"cpes": [
"cpe:2.3:a:phoenix:securecore_technology:4.0.1.1:*:*:*:*:*:*:*"
],
"vendor": "phoenix",
"product": "securecore_technology",
"versions": [
{
"status": "affected",
"version": "4.0.1.1",
"lessThan": "4.0.1.998",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:a:phoenix:securecore_technology:4.1.0.1:*:*:*:*:*:*:*"
],
"vendor": "phoenix",
"product": "securecore_technology",
"versions": [
{
"status": "affected",
"version": "4.1.0.1",
"lessThan": "4.1.0.562",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:a:phoenix:securecore_technology:4.2.0.1:*:*:*:*:*:*:*"
],
"vendor": "phoenix",
"product": "securecore_technology",
"versions": [
{
"status": "affected",
"version": "4.2.0.1",
"lessThan": "4.2.0.323",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:a:phoenix:securecore_technology:4.2.1.1:*:*:*:*:*:*:*"
],
"vendor": "phoenix",
"product": "securecore_technology",
"versions": [
{
"status": "affected",
"version": "4.2.1.1",
"lessThan": "4.2.1.287",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:a:phoenix:securecore_technology:4.3.0.1:*:*:*:*:*:*:*"
],
"vendor": "phoenix",
"product": "securecore_technology",
"versions": [
{
"status": "affected",
"version": "4.3.0.1",
"lessThan": "4.3.0.236",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:a:phoenix:securecore_technology:4.3.1.1:*:*:*:*:*:*:*"
],
"vendor": "phoenix",
"product": "securecore_technology",
"versions": [
{
"status": "affected",
"version": "4.3.1.1",
"lessThan": "4.3.1.184",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:a:phoenix:securecore_technology:4.4.0.1:*:*:*:*:*:*:*"
],
"vendor": "phoenix",
"product": "securecore_technology",
"versions": [
{
"status": "affected",
"version": "4.4.0.1",
"lessThan": "4.4.0.269",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:a:phoenix:securecore_technology:4.5.0.1:*:*:*:*:*:*:*"
],
"vendor": "phoenix",
"product": "securecore_technology",
"versions": [
{
"status": "affected",
"version": "4.5.0.1",
"lessThan": "4.5.0.218",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:a:phoenix:securecore_technology:4.5.1.1:*:*:*:*:*:*:*"
],
"vendor": "phoenix",
"product": "securecore_technology",
"versions": [
{
"status": "affected",
"version": "4.5.1.1",
"lessThan": "4.5.1.15",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
}
]Related
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
15.6%
SSVC
Exploitation
none
Automatable
no
Technical Impact
total