Security Notifications
With experts in UEFI firmware development across the globe, the Phoenix Security Team is dedicated to establishing and fortifying trust in firmware.
PKfail: Untrusted Platform Keys Undermine Secure Boot on UEFI Ecosystem
CVE-2024-8105
The Binarly Research Team recently published a report about the firmware vulnerability PKfail. The issue is that certain devices shipped with insecure Platform Keys (PK). These keys were meant for use in a test/development environment and were not intended to be shipped with a production-ready device.
Phoenix Technologies Windows Driver Vulnerability
CVE-2023-35841
Phoenix was notified about a vulnerability in a Windows kernel driver that was distributed as a part of our Phoenix Tools Subscription.
Phoenix Technologies Buffer Overflow Vulnerability on GeminiLake
CVE-2024-1598
Phoenix was notified about a vulnerability in UEFI variable interfaces in Phoenix SCT firmware code on some platforms, potentially leading to a buffer overflow.
Phoenix Technologies Buffer Overflow Vulnerability in TPM Configuration
CVE-2024-0762
Phoenix was notified about an unsafe UEFI variable handling vulnerability in the TPM configuration for some platforms, potentially leading to a buffer overflow.
Critical Vulnerability in Linux XZ Utils Library
CVE-2024-3094 | CISA Alert | Ubuntu Alert
On March 28th, 2024, it was discovered that a sophisticated social engineering attack introduced a backdoor in the XZ Utils library, which provides data compression and decompression services and is included in many Linux distributions.