Vulnerabilites related to Phoenix - SecureCore™ for Intel Kaby Lake
CVE-2024-29979 (GCVE-0-2024-29979)
Vulnerability from cvelistv5
Published
2025-01-14 16:00
Modified
2025-07-28 20:55
Severity ?
4.6 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L
2.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
2.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
VLAI Severity ?
EPSS score ?
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Summary
Improper Check for Unusual or Exceptional Conditions vulnerability in Phoenix SecureCore™ for Intel Kaby Lake, Phoenix SecureCore™ for Intel Coffee Lake, Phoenix SecureCore™ for Intel Comet Lake, Phoenix SecureCore™ for Intel Ice Lake allows Input Data Manipulation.This issue affects SecureCore™ for Intel Kaby Lake: before 4.0.1.1012; SecureCore™ for Intel Coffee Lake: before 4.1.0.568; SecureCore™ for Intel Comet Lake: before 4.2.1.292; SecureCore™ for Intel Ice Lake: before 4.2.0.334.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Phoenix | SecureCore™ for Intel Kaby Lake |
Version: 0 < 4.0.1.1012 |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-29979",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-14T16:41:31.630839Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T16:41:44.962Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SecureCore\u2122 for Intel Kaby Lake",
"vendor": "Phoenix",
"versions": [
{
"lessThan": "4.0.1.1012",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "SecureCore\u2122 for Intel Coffee Lake",
"vendor": "Phoenix",
"versions": [
{
"lessThan": "4.1.0.568",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "SecureCore\u2122 for Intel Comet Lake",
"vendor": "Phoenix",
"versions": [
{
"lessThan": "4.2.1.292",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "SecureCore\u2122 for Intel Ice Lake",
"vendor": "Phoenix",
"versions": [
{
"lessThan": "4.2.0.334",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Check for Unusual or Exceptional Conditions vulnerability in Phoenix SecureCore\u2122 for Intel Kaby Lake, Phoenix SecureCore\u2122 for Intel Coffee Lake, Phoenix SecureCore\u2122 for Intel Comet Lake, Phoenix SecureCore\u2122 for Intel Ice Lake allows Input Data Manipulation.\u003cp\u003eThis issue affects SecureCore\u2122 for Intel Kaby Lake: before 4.0.1.1012; SecureCore\u2122 for Intel Coffee Lake: before 4.1.0.568; SecureCore\u2122 for Intel Comet Lake: before 4.2.1.292; SecureCore\u2122 for Intel Ice Lake: before 4.2.0.334.\u003c/p\u003e"
}
],
"value": "Improper Check for Unusual or Exceptional Conditions vulnerability in Phoenix SecureCore\u2122 for Intel Kaby Lake, Phoenix SecureCore\u2122 for Intel Coffee Lake, Phoenix SecureCore\u2122 for Intel Comet Lake, Phoenix SecureCore\u2122 for Intel Ice Lake allows Input Data Manipulation.This issue affects SecureCore\u2122 for Intel Kaby Lake: before 4.0.1.1012; SecureCore\u2122 for Intel Coffee Lake: before 4.1.0.568; SecureCore\u2122 for Intel Comet Lake: before 4.2.1.292; SecureCore\u2122 for Intel Ice Lake: before 4.2.0.334."
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T20:55:13.618Z",
"orgId": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
"shortName": "Phoenix"
},
"references": [
{
"url": "https://phoenixtech.com/phoenix-security-notifications/cve-2024-29979/"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Unsafe Handling of Phoenix UEFI Variables",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
"assignerShortName": "Phoenix",
"cveId": "CVE-2024-29979",
"datePublished": "2025-01-14T16:00:15.221Z",
"dateReserved": "2024-03-22T21:30:22.857Z",
"dateUpdated": "2025-07-28T20:55:13.618Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-29980 (GCVE-0-2024-29980)
Vulnerability from cvelistv5
Published
2025-01-14 16:00
Modified
2025-07-28 20:54
Severity ?
4.6 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L
2.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
2.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
VLAI Severity ?
EPSS score ?
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Summary
Improper Check for Unusual or Exceptional Conditions vulnerability in Phoenix SecureCore™ for Intel Kaby Lake, Phoenix SecureCore™ for Intel Coffee Lake, Phoenix SecureCore™ for Intel Comet Lake, Phoenix SecureCore™ for Intel Ice Lake allows Input Data Manipulation.This issue affects SecureCore™ for Intel Kaby Lake: before 4.0.1.1012; SecureCore™ for Intel Coffee Lake: before 4.1.0.568; SecureCore™ for Intel Comet Lake: before 4.2.1.292; SecureCore™ for Intel Ice Lake: before 4.2.0.334.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Phoenix | SecureCore™ for Intel Kaby Lake |
Version: 0 < 4.0.1.1012 |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-29980",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-14T16:41:13.527370Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T16:41:16.295Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SecureCore\u2122 for Intel Kaby Lake",
"vendor": "Phoenix",
"versions": [
{
"lessThan": "4.0.1.1012",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "SecureCore\u2122 for Intel Coffee Lake",
"vendor": "Phoenix",
"versions": [
{
"lessThan": "4.1.0.568",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "SecureCore\u2122 for Intel Comet Lake",
"vendor": "Phoenix",
"versions": [
{
"lessThan": "4.2.1.292",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "SecureCore\u2122 for Intel Ice Lake",
"vendor": "Phoenix",
"versions": [
{
"lessThan": "4.2.0.334",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Check for Unusual or Exceptional Conditions vulnerability in Phoenix SecureCore\u2122 for Intel Kaby Lake, Phoenix SecureCore\u2122 for Intel Coffee Lake, Phoenix SecureCore\u2122 for Intel Comet Lake, Phoenix SecureCore\u2122 for Intel Ice Lake allows Input Data Manipulation.\u003cp\u003eThis issue affects SecureCore\u2122 for Intel Kaby Lake: before 4.0.1.1012; SecureCore\u2122 for Intel Coffee Lake: before 4.1.0.568; SecureCore\u2122 for Intel Comet Lake: before 4.2.1.292; SecureCore\u2122 for Intel Ice Lake: before 4.2.0.334.\u003c/p\u003e"
}
],
"value": "Improper Check for Unusual or Exceptional Conditions vulnerability in Phoenix SecureCore\u2122 for Intel Kaby Lake, Phoenix SecureCore\u2122 for Intel Coffee Lake, Phoenix SecureCore\u2122 for Intel Comet Lake, Phoenix SecureCore\u2122 for Intel Ice Lake allows Input Data Manipulation.This issue affects SecureCore\u2122 for Intel Kaby Lake: before 4.0.1.1012; SecureCore\u2122 for Intel Coffee Lake: before 4.1.0.568; SecureCore\u2122 for Intel Comet Lake: before 4.2.1.292; SecureCore\u2122 for Intel Ice Lake: before 4.2.0.334."
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T20:54:33.057Z",
"orgId": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
"shortName": "Phoenix"
},
"references": [
{
"url": "https://phoenixtech.com/phoenix-security-notifications/cve-2024-29980/"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Unsafe Handling of IHV UEFI Variables",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
"assignerShortName": "Phoenix",
"cveId": "CVE-2024-29980",
"datePublished": "2025-01-14T16:00:15.300Z",
"dateReserved": "2024-03-22T21:30:22.857Z",
"dateUpdated": "2025-07-28T20:54:33.057Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0762 (GCVE-0-2024-0762)
Vulnerability from cvelistv5
Published
2024-05-14 14:56
Modified
2025-07-28 20:53
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Potential buffer overflow
in unsafe UEFI variable handling
in Phoenix SecureCore™ for select Intel platforms
This issue affects:
Phoenix
SecureCore™ for Intel Kaby Lake: from 4.0.1.1 before 4.0.1.998;
Phoenix
SecureCore™ for Intel Coffee Lake: from 4.1.0.1 before 4.1.0.562;
Phoenix
SecureCore™ for Intel Ice Lake: from 4.2.0.1 before 4.2.0.323;
Phoenix
SecureCore™ for Intel Comet Lake: from 4.2.1.1 before 4.2.1.287;
Phoenix
SecureCore™ for Intel Tiger Lake: from 4.3.0.1 before 4.3.0.236;
Phoenix
SecureCore™ for Intel Jasper Lake: from 4.3.1.1 before 4.3.1.184;
Phoenix
SecureCore™ for Intel Alder Lake: from 4.4.0.1 before 4.4.0.269;
Phoenix
SecureCore™ for Intel Raptor Lake: from 4.5.0.1 before 4.5.0.218;
Phoenix
SecureCore™ for Intel Meteor Lake: from 4.5.1.1 before 4.5.1.15.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Phoenix | SecureCore™ for Intel Kaby Lake |
Version: 4.0.1.1 < 4.0.1.998 |
|||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:phoenix:securecore_technology:4.0.1.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "securecore_technology",
"vendor": "phoenix",
"versions": [
{
"lessThan": "4.0.1.998",
"status": "affected",
"version": "4.0.1.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:phoenix:securecore_technology:4.1.0.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "securecore_technology",
"vendor": "phoenix",
"versions": [
{
"lessThan": "4.1.0.562",
"status": "affected",
"version": "4.1.0.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:phoenix:securecore_technology:4.2.0.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "securecore_technology",
"vendor": "phoenix",
"versions": [
{
"lessThan": "4.2.0.323",
"status": "affected",
"version": "4.2.0.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:phoenix:securecore_technology:4.2.1.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "securecore_technology",
"vendor": "phoenix",
"versions": [
{
"lessThan": "4.2.1.287",
"status": "affected",
"version": "4.2.1.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:phoenix:securecore_technology:4.3.0.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "securecore_technology",
"vendor": "phoenix",
"versions": [
{
"lessThan": "4.3.0.236",
"status": "affected",
"version": "4.3.0.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:phoenix:securecore_technology:4.3.1.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "securecore_technology",
"vendor": "phoenix",
"versions": [
{
"lessThan": "4.3.1.184",
"status": "affected",
"version": "4.3.1.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:phoenix:securecore_technology:4.4.0.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "securecore_technology",
"vendor": "phoenix",
"versions": [
{
"lessThan": "4.4.0.269",
"status": "affected",
"version": "4.4.0.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:phoenix:securecore_technology:4.5.0.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "securecore_technology",
"vendor": "phoenix",
"versions": [
{
"lessThan": "4.5.0.218",
"status": "affected",
"version": "4.5.0.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:phoenix:securecore_technology:4.5.1.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "securecore_technology",
"vendor": "phoenix",
"versions": [
{
"lessThan": "4.5.1.15",
"status": "affected",
"version": "4.5.1.1",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0762",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-14T15:18:12.193624Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-20T13:37:52.909Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:18:17.893Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.phoenix.com/security-notifications/cve-2024-0762/"
},
{
"tags": [
"x_transferred"
],
"url": "https://eclypsium.com/blog/ueficanhazbufferoverflow-widespread-impact-from-vulnerability-in-popular-pc-and-server-firmware/"
},
{
"tags": [
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=40747852"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SecureCore\u2122 for Intel Kaby Lake",
"vendor": "Phoenix",
"versions": [
{
"lessThan": "4.0.1.998",
"status": "affected",
"version": "4.0.1.1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SecureCore\u2122 for Intel Coffee Lake",
"vendor": "Phoenix",
"versions": [
{
"lessThan": "4.1.0.562",
"status": "affected",
"version": "4.1.0.1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SecureCore\u2122 for Intel Ice Lake",
"vendor": "Phoenix",
"versions": [
{
"lessThan": "4.2.0.323",
"status": "affected",
"version": "4.2.0.1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SecureCore\u2122 for Intel Comet Lake",
"vendor": "Phoenix",
"versions": [
{
"lessThan": "4.2.1.287",
"status": "affected",
"version": "4.2.1.1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SecureCore\u2122 for Intel Tiger Lake",
"vendor": "Phoenix",
"versions": [
{
"lessThan": "4.3.0.236",
"status": "affected",
"version": "4.3.0.1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SecureCore\u2122 for Intel Jasper Lake",
"vendor": "Phoenix",
"versions": [
{
"lessThan": "4.3.1.184",
"status": "affected",
"version": "4.3.1.1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SecureCore\u2122 for Intel Alder Lake",
"vendor": "Phoenix",
"versions": [
{
"lessThan": "4.4.0.269",
"status": "affected",
"version": "4.4.0.1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SecureCore\u2122 for Intel Raptor Lake",
"vendor": "Phoenix",
"versions": [
{
"lessThan": "4.5.0.218",
"status": "affected",
"version": "4.5.0.1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SecureCore\u2122 for Intel Meteor Lake",
"vendor": "Phoenix",
"versions": [
{
"lessThan": "4.5.1.15",
"status": "affected",
"version": "4.5.1.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Oren Isacson from Eclypsium"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\nPotential buffer overflow \nin unsafe UEFI variable handling \n\nin Phoenix SecureCore\u2122 for select Intel platforms\u003c/div\u003e\u003cbr\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003e\nPhoenix \n\nSecureCore\u2122 for Intel Kaby Lake: from 4.0.1.1 before 4.0.1.998;\u003c/p\u003e\u003cp\u003e\nPhoenix \n\nSecureCore\u2122 for Intel Coffee Lake: from 4.1.0.1 before 4.1.0.562;\u003c/p\u003e\u003cp\u003e\nPhoenix \n\nSecureCore\u2122 for Intel Ice Lake: from 4.2.0.1 before 4.2.0.323;\u003c/p\u003e\u003cp\u003e\nPhoenix \n\nSecureCore\u2122 for Intel Comet Lake: from 4.2.1.1 before 4.2.1.287;\u003c/p\u003e\u003cp\u003e\nPhoenix \n\nSecureCore\u2122 for Intel Tiger Lake: from 4.3.0.1 before 4.3.0.236;\u003c/p\u003e\u003cp\u003e\nPhoenix \n\nSecureCore\u2122 for Intel Jasper Lake: from 4.3.1.1 before 4.3.1.184;\u003c/p\u003e\u003cp\u003e\nPhoenix \n\nSecureCore\u2122 for Intel Alder Lake: from 4.4.0.1 before 4.4.0.269;\u003c/p\u003e\u003cp\u003e\nPhoenix \n\nSecureCore\u2122 for Intel Raptor Lake: from 4.5.0.1 before 4.5.0.218;\u003c/p\u003e\u003cp\u003e\nPhoenix \n\nSecureCore\u2122 for Intel Meteor Lake: from 4.5.1.1 before 4.5.1.15.\u003c/p\u003e"
}
],
"value": "Potential buffer overflow \nin unsafe UEFI variable handling \n\nin Phoenix SecureCore\u2122 for select Intel platforms\n\n\nThis issue affects:\n\n\nPhoenix \n\nSecureCore\u2122 for Intel Kaby Lake: from 4.0.1.1 before 4.0.1.998;\n\n\nPhoenix \n\nSecureCore\u2122 for Intel Coffee Lake: from 4.1.0.1 before 4.1.0.562;\n\n\nPhoenix \n\nSecureCore\u2122 for Intel Ice Lake: from 4.2.0.1 before 4.2.0.323;\n\n\nPhoenix \n\nSecureCore\u2122 for Intel Comet Lake: from 4.2.1.1 before 4.2.1.287;\n\n\nPhoenix \n\nSecureCore\u2122 for Intel Tiger Lake: from 4.3.0.1 before 4.3.0.236;\n\n\nPhoenix \n\nSecureCore\u2122 for Intel Jasper Lake: from 4.3.1.1 before 4.3.1.184;\n\n\nPhoenix \n\nSecureCore\u2122 for Intel Alder Lake: from 4.4.0.1 before 4.4.0.269;\n\n\nPhoenix \n\nSecureCore\u2122 for Intel Raptor Lake: from 4.5.0.1 before 4.5.0.218;\n\n\nPhoenix \n\nSecureCore\u2122 for Intel Meteor Lake: from 4.5.1.1 before 4.5.1.15."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T20:53:10.827Z",
"orgId": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
"shortName": "Phoenix"
},
"references": [
{
"url": "https://phoenixtech.com/phoenix-security-notifications/CVE-2024-0762/"
},
{
"url": "https://eclypsium.com/blog/ueficanhazbufferoverflow-widespread-impact-from-vulnerability-in-popular-pc-and-server-firmware/"
},
{
"url": "https://news.ycombinator.com/item?id=40747852"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Potential buffer overflow when handling UEFI variables",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
"assignerShortName": "Phoenix",
"cveId": "CVE-2024-0762",
"datePublished": "2024-05-14T14:56:25.578Z",
"dateReserved": "2024-01-19T20:40:59.164Z",
"dateUpdated": "2025-07-28T20:53:10.827Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}