CVE-2024-0762 PoC — Potential buffer overflow when handling UEFI variables

Source
Associated Vulnerability
Title: Potential buffer overflow when handling UEFI variables (CVE-2024-0762)
Description: Potential buffer overflow in unsafe UEFI variable handling in Phoenix SecureCore™ for select Intel platforms. This issue affects: Phoenix SecureCore™ for Intel Kaby Lake: from 4.0.1.1 before 4.0.1.998; Phoenix SecureCore™ for Intel Coffee Lake: from 4.1.0.1 before 4.1.0.562; Phoenix SecureCore™ for Intel Ice Lake: from 4.2.0.1 before 4.2.0.323; Phoenix SecureCore™ for Intel Comet Lake: from 4.2.1.1 before 4.2.1.287; Phoenix SecureCore™ for Intel Tiger Lake: from 4.3.0.1 before 4.3.0.236; Phoenix SecureCore™ for Intel Jasper Lake: from 4.3.1.1 before 4.3.1.184; Phoenix SecureCore™ for Intel Alder Lake: from 4.4.0.1 before 4.4.0.269; Phoenix SecureCore™ for Intel Raptor Lake: from 4.5.0.1 before 4.5.0.218; Phoenix SecureCore™ for Intel Meteor Lake: from 4.5.1.1 before 4.5.1.15.
Description
Detecting vulnerabilities like CVE-2024-0762, particularly in UEFI firmware, is quite challenging due to the low-level nature 
Readme
# Detect-CVE-2024-0762
Detecting vulnerabilities like CVE-2024-0762, particularly in UEFI firmware, is quite challenging due to the low-level nature of the firmware and its interactions with the system. This vulnerability is related to the UEFI firmware itself, so traditional file-based malware detection approaches using hashes from sources like MalwareBazaar or VirusTotal are not directly applicable here.
## Steps to Detect CVE-2024-0762

1. Firmware Version Check: The most effective way to detect if a system is vulnerable to CVE-2024-0762 is to check the version of the UEFI firmware. This involves querying the firmware version and comparing it with known vulnerable versions.

2. Vendor and Model-Specific Detection: The detection script will need to consider the specific vendors and models affected by the vulnerability. Firmware versioning can vary between vendors, so the script should handle different methods of retrieving and checking firmware versions.

3. Potential Indicators: Look for specific indicators in the firmware or system configuration that might suggest the presence of an exploitation attempt.

This Python script provides a basic framework for detecting CVE-2024-0762 by checking the UEFI firmware version. This script is intended for educational purposes and might need adjustments based on the actual environment and firmware querying methods.
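The version comparison from step 1, written out against the affected ranges quoted in the CVE description above. This is an added example, not the repository's script; `classify`, `triage` and the `INVENTORY` rows are hypothetical names and constructed data. It assumes the Phoenix SecureCore version for each host has already been obtained, and that an OEM BIOS string which is not a four-field SecureCore version must be mapped by the vendor before it can be judged.

```python
import re

# Added example. Ranges copied from the CVE-2024-0762 description on this
# page: platform -> (first affected version, first fixed version).
AFFECTED = {
    "kaby lake": ("4.0.1.1", "4.0.1.998"),
    "coffee lake": ("4.1.0.1", "4.1.0.562"),
    "ice lake": ("4.2.0.1", "4.2.0.323"),
    "comet lake": ("4.2.1.1", "4.2.1.287"),
    "tiger lake": ("4.3.0.1", "4.3.0.236"),
    "jasper lake": ("4.3.1.1", "4.3.1.184"),
    "alder lake": ("4.4.0.1", "4.4.0.269"),
    "raptor lake": ("4.5.0.1", "4.5.0.218"),
    "meteor lake": ("4.5.1.1", "4.5.1.15"),
}

def parse_version(text):
    """'4.3.0.236' -> (4, 3, 0, 236); fields must compare as numbers."""
    if not re.fullmatch(r"[0-9]+(\.[0-9]+){3}", text.strip()):
        raise ValueError(f"not a four-field version: {text!r}")
    return tuple(int(p) for p in text.strip().split("."))

def classify(platform, version):
    """Return 'vulnerable', 'fixed', 'not-listed' or 'unknown'."""
    bounds = AFFECTED.get(platform.strip().lower())
    if bounds is None:
        return "not-listed"  # platform family absent from the advisory
    try:
        v = parse_version(version)
    except ValueError:
        return "unknown"  # e.g. an OEM BIOS string that needs vendor mapping
    first_affected, first_fixed = (parse_version(b) for b in bounds)
    if v >= first_fixed:
        return "fixed"
    return "vulnerable" if v >= first_affected else "not-listed"

# Constructed inventory rows: (host, platform family, reported version).
INVENTORY = [
    ("lab-01", "Tiger Lake", "4.3.0.120"),
    ("lab-02", "Tiger Lake", "4.3.0.236"),
    ("lab-03", "Meteor Lake", "4.5.1.9"),   # 9 < 15 numerically, not as text
    ("lab-04", "Raptor Lake", "OEM-1.42"),  # constructed non-SecureCore string
]

def triage(inventory):
    """Group host names by classification result."""
    out = {}
    for host, platform, version in inventory:
        out.setdefault(classify(platform, version), []).append(host)
    return out

if __name__ == "__main__":
    for status, hosts in triage(INVENTORY).items():
        print(f"{status}: {', '.join(hosts)}")
```

Hosts that come back as `unknown` should be checked against the vendor's own advisory rather than assumed safe.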
File Snapshot

[4.0K] /data/pocs/19cb63a68e46c06447b60733c035eafd043fcec8
├── [1.8K] Firmware Version Detection.py
├── [1.0K] LICENSE
├── [1.4K] README.md
└── [6.4K] UEFIcanhazbufferoverflow Overview

0 directories, 4 files