VYPR
← All advisories
Unrated severityNVD Advisory· Published May 14, 2024· Updated Jul 28, 2025

Potential buffer overflow when handling UEFI variables

CVE-2024-0762

Description

Buffer overflow in Phoenix SecureCore UEFI firmware TPM configuration allows local privilege escalation and code execution in firmware.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Buffer overflow in Phoenix SecureCore UEFI firmware TPM configuration allows local privilege escalation and code execution in firmware.

Vulnerability

A buffer overflow vulnerability exists in the Phoenix SecureCore UEFI firmware due to unsafe handling of the TPM configuration variable TCG2_CONFIGURATION [1][2]. This affects devices using Phoenix SecureCore on Intel processor families including Kaby Lake (4.0.1.1 to before 4.0.1.998), Coffee Lake (4.1.0.1 to before 4.1.0.562), Ice Lake (4.2.0.1 to before 4.2.0.323), Comet Lake (4.2.1.1 to before 4.2.1.287), Tiger Lake (4.3.0.1 to before 4.3.0.236), Jasper Lake (4.3.1.1 to before 4.3.1.184), Alder Lake (4.4.0.1 to before 4.4.0.269), Raptor Lake (4.5.0.1 to before 4.5.0.218), Meteor Lake (4.5.1.1 to before 4.5.1.15), and Rocket Lake [1][2]. The vulnerability is reachable when the TCG2_CONFIGURATION variable is writable from the operating system, which may vary by platform configuration [1].

Exploitation

An attacker with local access to the system can exploit the buffer overflow by writing a crafted value to the TCG2_CONFIGURATION UEFI variable [1]. No additional authentication or user interaction is required beyond local OS-level access. The overflow occurs during runtime when the firmware processes the variable, allowing the attacker to execute arbitrary code within the UEFI firmware context [1].

Impact

Successful exploitation grants the attacker code execution within the UEFI firmware, enabling persistent firmware-level compromise. This can be used to install a firmware backdoor (similar to BlackLotus) that survives OS reinstallation and evades security software running at the operating system layer [1]. The attacker gains elevated privileges and full control over the device's boot process and low-level hardware interactions.

Mitigation

Phoenix Technologies released fixed firmware versions in April 2024 [2]. Users should obtain the updated firmware from their device manufacturer (OEM) and apply it immediately. No workarounds are available. The vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog as of the publication date. Phoenix recommends contacting the hardware vendor for device-specific updates [2].

References
  1. UEFIcanhazbufferoverflow: Widespread Impact from Vulnerability in Popular PC and Server Firmware
  2. Phoenix Technologies Buffer Overflow Vulnerability in TPM Configuration - Phoenix Technologies - Leading PC Innovation since 1979

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

3

News mentions

0

No linked articles in our index yet.