Intel CPUs are at risk of being remotely exploited by threat actors due to a new vulnerability discovered by security experts. This bug, known as a buffer overflow and designated as CVE-2024-0762, affects a wide range of Intel CPUs including Alder Lake, Coffee Lake, Comet Lake, Ice Lake, Jasper Lake, Kaby Lake, Meteor Lake, Raptor Lake, Rocket Lake, and Tiger Lake. The vulnerability resides in the Phoenix SecureCore UEFI firmware and has been named “UEFICANHAZBUFFEROVERFLOW.”
The cybersecurity researchers at Eclypsium first identified this vulnerability on Lenovo ThinkPad X1 Carbon 7th Gen and X1 Yoga 4th Gen devices. However, given the extensive list of affected CPUs, the number of vulnerable endpoints is much higher than initially reported. Lenovo has already released firmware updates to address the issue. However, it may take more time for other manufacturers to roll out patches for their devices.
The flaw was found in the System Management Mode (SMM) subsystem of the Phoenix SecureCore firmware, allowing threat actors to overwrite adjacent memory and potentially elevate their privileges. This can lead to the execution of malicious code remotely with the help of a bootkit. Eclypsium explained that the vulnerability lies in the Trusted Platform Module (TPM) configuration within the UEFI code. Having a security chip like a TPM is not effective if the underlying code is flawed.
For PC users
