PhoenixVULNRICHMENT:CVE-2024-0762CVE-2024-0762 Potential buffer overflow when handling UEFI variables
7.5 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
7.5 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
15.8%
Potential buffer overflow
in unsafe UEFI variable handling
in Phoenix SecureCore™ for select Intel platforms
This issue affects:
Phoenix
SecureCore™ for Intel Kaby Lake: from 4.0.1.1 before 4.0.1.998;
Phoenix
SecureCore™ for Intel Coffee Lake: from 4.1.0.1 before 4.1.0.562;
Phoenix
SecureCore™ for Intel Ice Lake: from 4.2.0.1 before 4.2.0.323;
Phoenix
SecureCore™ for Intel Comet Lake: from 4.2.1.1 before 4.2.1.287;
Phoenix
SecureCore™ for Intel Tiger Lake: from 4.3.0.1 before 4.3.0.236;
Phoenix
SecureCore™ for Intel Jasper Lake: from 4.3.1.1 before 4.3.1.184;
Phoenix
SecureCore™ for Intel Alder Lake: from 4.4.0.1 before 4.4.0.269;
Phoenix
SecureCore™ for Intel Raptor Lake: from 4.5.0.1 before 4.5.0.218;
Phoenix
SecureCore™ for Intel Meteor Lake: from 4.5.1.1 before 4.5.1.15.
CNA Affected
[
{
"vendor": "Phoenix",
"product": "SecureCore™ for Intel Kaby Lake",
"versions": [
{
"status": "affected",
"version": "4.0.1.1",
"lessThan": "4.0.1.998",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "Phoenix",
"product": "SecureCore™ for Intel Coffee Lake",
"versions": [
{
"status": "affected",
"version": "4.1.0.1",
"lessThan": "4.1.0.562",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "Phoenix",
"product": "SecureCore™ for Intel Ice Lake",
"versions": [
{
"status": "affected",
"version": "4.2.0.1",
"lessThan": "4.2.0.323",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "Phoenix",
"product": "SecureCore™ for Intel Comet Lake",
"versions": [
{
"status": "affected",
"version": "4.2.1.1",
"lessThan": "4.2.1.287",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "Phoenix",
"product": "SecureCore™ for Intel Tiger Lake",
"versions": [
{
"status": "affected",
"version": "4.3.0.1",
"lessThan": "4.3.0.236",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "Phoenix",
"product": "SecureCore™ for Intel Jasper Lake",
"versions": [
{
"status": "affected",
"version": "4.3.1.1",
"lessThan": "4.3.1.184",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "Phoenix",
"product": "SecureCore™ for Intel Alder Lake",
"versions": [
{
"status": "affected",
"version": "4.4.0.1",
"lessThan": "4.4.0.269",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "Phoenix",
"product": "SecureCore™ for Intel Raptor Lake",
"versions": [
{
"status": "affected",
"version": "4.5.0.1",
"lessThan": "4.5.0.218",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "Phoenix",
"product": "SecureCore™ for Intel Meteor Lake",
"versions": [
{
"status": "affected",
"version": "4.5.1.1",
"lessThan": "4.5.1.15",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
]Related
7.5 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
7.5 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
15.8%