Phoenix Technologies has been notified by IOActive researchers of a security issue in its SecureCore Technology SPI SMM Driver that could allow unauthorized access to the SPI flash on some platforms. This issue affects certain versions of SecureCore Technology 4, and Phoenix Technologies has released patches to address it. Please refer to CVE-2023-31100 for more details and instructions on how to update your firmware. Phoenix thanks IOActive for their responsible disclosure and cooperation.
