CVE-2024-12533
Description
Phoenix SecureCore Technology 4 firmware mishandles UEFI variables, letting an attacker corrupt memory and cause a denial of service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
Improper Check for Unusual or Exceptional Conditions in Phoenix SecureCore Technology 4 (SCT4) firmware leads to unsafe handling of UEFI variables [1]. This vulnerability affects multiple SCT4 versions: from 4.0.1.0 before 4.0.1.1018, from 4.1.0.1 before 4.1.0.573, from 4.2.0.1 before 4.2.0.338, from 4.2.1.1 before 4.2.1.300, from 4.3.0.1 before 4.3.0.244, from 4.3.1.1 before 4.3.1.187, from 4.4.0.1 before 4.4.0.299, from 4.5.0.1 before 4.5.0.231, from 4.5.1.1 before 4.5.1.103, from 4.5.5.1 before 4.5.5.36, and from 4.6.0.1 before 4.6.0.67 [1]. The code path is reachable on any platform incorporating the affected firmware [1].
Exploitation
An attacker must have local authenticated access or physical presence to write a crafted UEFI variable [1]. The unsafe variable handling can cause invalid memory access when the firmware processes the variable [1]. No user interaction beyond booting the system is required once the variable is in place [1].
Impact
Successful exploitation yields a temporary denial of service (DoS) due to unsafe memory access [1]. The attacker does not gain code execution or persistent data compromise; the system may crash or reboot unexpectedly [1].
Mitigation
Phoenix provided firmware patches to partners no later than November 2024 [1]. Users should contact their system manufacturer for the fixed firmware version corresponding to their platform, and update to the latest available firmware [1]. The specific fixed SCT4 versions are: 4.0.1.1018, 4.1.0.573, 4.2.0.338, 4.2.1.300, 4.3.0.244, 4.3.1.187, 4.4.0.299, 4.5.0.231, 4.5.1.103, 4.5.5.36, and 4.6.0.67 [1]. There is no known workaround other than applying the patch [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- (no CPE) range: >=4.0.1.0 <4.0.1.1018, >=4.1.0.1 <4.1.0.573, >=4.2.0.1 <4.2.0.338, >=4.2.1.1 <4.2.1.300, >=4.3.0.1 <4.3.0.244, >=4.3.1.1 <4.3.1.187, >=4.4.0.1 <4.4.0.299, >=4.5.0.1 <4.5.0.231, >=4.5.1.1 <4.5.1.103, >=4.5.5.1 <4.5.5.36, >=4.6.0.1 <4.6.0.67
- (no CPE) range: 4.0.1.0
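Because each SCT4 branch has its own fixed build, a single "older than 4.6.0.67" comparison would wrongly flag patched builds such as 4.0.1.1018. The following triage helper is an added example, not code from Phoenix or from this page; it assumes the four-part SCT4 version string has already been collected per host (how to read it is platform-specific), and the host names in the sample inventory are constructed.

```python
import re

# (first affected build, first fixed build) per SCT4 branch, copied from the
# affected ranges listed on this page. Branch = first three version components.
BRANCHES = {
    (4, 0, 1): (0, 1018), (4, 1, 0): (1, 573), (4, 2, 0): (1, 338),
    (4, 2, 1): (1, 300),  (4, 3, 0): (1, 244), (4, 3, 1): (1, 187),
    (4, 4, 0): (1, 299),  (4, 5, 0): (1, 231), (4, 5, 1): (1, 103),
    (4, 5, 5): (1, 36),   (4, 6, 0): (1, 67),
}

_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)", re.ASCII)


def classify(version: str) -> str:
    """Return 'affected', 'fixed' or 'unknown' for an SCT4 version string."""
    m = _VERSION.fullmatch(version.strip())
    if m is None:
        return "unknown"                  # malformed input: do not guess
    a, b, c, build = map(int, m.groups())
    bounds = BRANCHES.get((a, b, c))
    if bounds is None:
        return "unknown"                  # branch not listed in the advisory
    first_affected, first_fixed = bounds
    if build < first_affected:
        return "unknown"                  # below the advisory's stated range
    return "affected" if build < first_fixed else "fixed"


def triage(inventory: dict) -> dict:
    """Group hosts by status so 'unknown' entries get manual follow-up."""
    result = {"affected": [], "fixed": [], "unknown": []}
    for host, version in sorted(inventory.items()):
        result[classify(version)].append(host)
    return result


if __name__ == "__main__":
    # Constructed sample inventory (hypothetical host names and versions).
    sample = {
        "laptop-01": "4.0.1.1018",   # patched build on the oldest branch
        "laptop-02": "4.5.5.35",     # one build short of the fix
        "kiosk-07": "4.6.0.67",      # patched
        "lab-12": "4.7.0.3",         # branch not covered by the advisory
    }
    for status, hosts in triage(sample).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as `unknown` are outside the ranges stated here and need confirmation from the system manufacturer rather than being treated as safe.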
Patches
No patches discovered yet.
References