Phoenix SecureCore UEFI Firmware Security Update Advisory
Overview
An update has been released to address vulnerability in the Phoenix SecureCore UEFI firmware. Users of affected versions are advised to update to the latest version.
Affected Products
- Phoenix SecureCore™ for Intel Kaby Lake versions: 4.0.1.1 (inclusive) ~ 4.0.1.988 (excluded)
- Phoenix SecureCore™ for Intel Coffee Lake versions: 4.1.0.1 (inclusive) ~ 4.1.0.562 (excluded)
- Phoenix SecureCore™ for Intel Ice Lake versions: 4.2.0.1 (inclusive) ~ 4.2.0.323 (excluded)
- Phoenix SecureCore™ for Intel Comet Lake versions: 4.2.1.1 (inclusive) ~ 4.2.1.287 (excluded)
- Phoenix SecureCore™ for Intel Tiger Lake versions: 4.3.0.1 (inclusive) ~ 4.3.0.236 (excluded)
- Phoenix SecureCore™ for Intel Jasper Lake versions: 4.3.1.1 (inclusive) ~ 4.3.1.184 (excluded)
- Phoenix SecureCore™ for Intel Alder Lake versions: 4.4.0.1 (inclusive) ~ 4.4.0.269 (excluded)
- Phoenix SecureCore™ for Intel Raptor Lake versions: 4.5.0.1 (inclusive) ~ 4.5.0.218 (excluded)
- Phoenix SecureCore™ for Intel Meteor Lake versions: 4.5.1.1 (inclusive) ~ 4.5.1.15 (excluded)
Resolved Vulnerabilities
Buffer overflow vulnerability in Phoenix SecureCore UEFI firmware that could allow attackers to execute arbitrary code (CVE-2024-0762)
Vulnerability Patches
Vulnerability patches were made available in the latest update. Please follow the instructions on the Referenced Sites[3] to update to the latest Vulnerability Patches version.
Referenced Sites
[1] CVE-2024-0762 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-0762
[2] ueficanhazbuffoverflow: widespread impact from vulnerability in popular pc and server firmware
[3] Multi-vendor BIOS Security Vulnerabilities (May, 2024)
https://support.lenovo.com/kr/ko/product_security/LEN-158632