CVE-2024-0762— Potential buffer overflow when handling UEFI variables
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-0762
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Potential buffer overflow when handling UEFI variables
Source: NVD (National Vulnerability Database)
Vulnerability Description
Potential buffer overflow in unsafe UEFI variable handling in Phoenix SecureCore™ for select Intel platforms This issue affects: Phoenix SecureCore™ for Intel Kaby Lake: from 4.0.1.1 before 4.0.1.998; Phoenix SecureCore™ for Intel Coffee Lake: from 4.1.0.1 before 4.1.0.562; Phoenix SecureCore™ for Intel Ice Lake: from 4.2.0.1 before 4.2.0.323; Phoenix SecureCore™ for Intel Comet Lake: from 4.2.1.1 before 4.2.1.287; Phoenix SecureCore™ for Intel Tiger Lake: from 4.3.0.1 before 4.3.0.236; Phoenix SecureCore™ for Intel Jasper Lake: from 4.3.1.1 before 4.3.1.184; Phoenix SecureCore™ for Intel Alder Lake: from 4.4.0.1 before 4.4.0.269; Phoenix SecureCore™ for Intel Raptor Lake: from 4.5.0.1 before 4.5.0.218; Phoenix SecureCore™ for Intel Meteor Lake: from 4.5.1.1 before 4.5.1.15.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Phoenix SecureCore 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Phoenix SecureCore是德国菲尼克斯电气(Phoenix)公司的一个计算机基础输入/输出系统。 Phoenix SecureCore存在安全漏洞,该漏洞源于缓冲区溢出。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Phoenix | SecureCore™ for Intel Kaby Lake | 4.0.1.1 ~ 4.0.1.998 | - | |
| Phoenix | SecureCore™ for Intel Coffee Lake | 4.1.0.1 ~ 4.1.0.562 | - | |
| Phoenix | SecureCore™ for Intel Ice Lake | 4.2.0.1 ~ 4.2.0.323 | - | |
| Phoenix | SecureCore™ for Intel Comet Lake | 4.2.1.1 ~ 4.2.1.287 | - | |
| Phoenix | SecureCore™ for Intel Tiger Lake | 4.3.0.1 ~ 4.3.0.236 | - | |
| Phoenix | SecureCore™ for Intel Jasper Lake | 4.3.1.1 ~ 4.3.1.184 | - | |
| Phoenix | SecureCore™ for Intel Alder Lake | 4.4.0.1 ~ 4.4.0.269 | - | |
| Phoenix | SecureCore™ for Intel Raptor Lake | 4.5.0.1 ~ 4.5.0.218 | - | |
| Phoenix | SecureCore™ for Intel Meteor Lake | 4.5.1.1 ~ 4.5.1.15 | - |
II. Public POCs for CVE-2024-0762
| # | POC Description | Source Link | Shenlong Link |
|---|---|---|---|
| 1 | Detecting vulnerabilities like CVE-2024-0762, particularly in UEFI firmware, is quite challenging due to the low-level nature | https://github.com/tadash10/Detect-CVE-2024-0762 | POC Details |
| 2 | UEFIcanhazbufferoverflow | https://github.com/abandon1337/CVE-2024-0762 | POC Details |
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-0762
请登录查看更多情报信息。
Same Patch Batch · Phoenix · 2024-05-14 · 3 CVEs total
| CVE-2023-35841 | 7.8 HIGH | WinFlash Driver Permissions Issue |
| CVE-2024-1598 | 7.5 HIGH | Potential buffer overflow when handling UEFI variables |
IV. Related Vulnerabilities
V. Comments for CVE-2024-0762
No comments yet