Campbell, CA

Phoenix Technologies Buffer Overflow Vulnerability in TPM Configuration

Phoenix was notified of a vulnerability caused by unsafe UEFI variable handling in the TPM configuration on some platforms, which could potentially lead to a buffer overflow.

Tracked under CVE-2024-0762, this vulnerability affects devices using Phoenix SecureCore firmware running on select Intel processor families, including AlderLake, CoffeeLake, CometLake, IceLake, JasperLake, KabyLake, MeteorLake, RaptorLake, RocketLake, and TigerLake.

Mitigations for CVE-2024-0762 were made available in April of 2024.

For device-specific information, please contact your system manufacturer.

Phoenix Technologies strongly recommends that customers update their firmware to the latest version and contact their hardware vendor as soon as possible to prevent any potential exploitation of this flaw.

Phoenix would like to thank Oren Isacson from Eclypsium for their collaboration in the coordinated disclosure of this vulnerability.