Recently Discovered Phoenix UEFI Bug Allows Code Execution On Affected Devices

A vulnerability in Phoenix SecureCore UEFI firmware, CVE-2024-0762, impacts devices with many Intel CPUs, prompting Lenovo to release new firmware updates. Known as 'UEFICANHAZBUFFEROVERFLOW,' this buffer overflow bug in the TPM configuration allows code execution on affected devices. Discovered by Eclypsium on Lenovo ThinkPad X1 models, the flaw also affects firmware for various Intel CPUs, potentially impacting hundreds of models from Lenovo, Dell, Acer, and HP. Read more...