Unsafe Handling of Phoenix UEFI Variables
Description
Improper exception handling in Phoenix SecureCore UEFI firmware for specific Intel platforms allows an attacker with local access to manipulate input data, potentially causing denial of service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Improper exception handling in Phoenix SecureCore UEFI firmware for specific Intel platforms allows an attacker with local access to manipulate input data, potentially causing denial of service.
Vulnerability
CVE-2024-29979 is an Improper Check for Unusual or Exceptional Conditions vulnerability in Phoenix SecureCore™ UEFI firmware. It resides in the handling of a Phoenix-specific UEFI variable, leading to unsafe memory access. Affected platforms are Intel Kaby Lake (before 4.0.1.1012), Coffee Lake (before 4.1.0.568), Comet Lake (before 4.2.1.292), and Ice Lake (before 4.2.0.334) [1]. The vulnerability is triggered when the firmware processes a specially crafted UEFI variable without proper validation, potentially causing a temporary denial of service [1].
Exploitation
An attacker with local access to the system must be able to write a malicious UEFI variable to the firmware. This can be achieved from an operating system-level account with sufficient privileges to invoke UEFI runtime services. The attacker does not need physical presence but requires the ability to execute code or commands that can modify UEFI variables. The exploitation sequence involves setting a Phoenix-specific UEFI variable with invalid data, which the firmware then improperly processes on the next boot, leading to an unsafe memory access [1].
Impact
Successful exploitation can cause a temporary denial of service (DoS) due to unsafe memory access, potentially crashing the system or making it unresponsive until a power cycle [1]. The vulnerability does not allow for code execution or privilege escalation beyond the firmware level; the primary impact is on availability, with no direct confidentiality or integrity impact described in available references [1].
Mitigation
Patches for CVE-2024-29979 were made available to partners as of August 2024 [1]. End users should contact their device manufacturer to obtain the updated firmware for their specific platform. Phoenix Technologies recommends updating to the latest firmware version provided by the hardware vendor. No workaround is available; the fix is to apply the updated SecureCore firmware. Affected versions are explicitly listed: Kaby Lake before 4.0.1.1012, Coffee Lake before 4.1.0.568, Comet Lake before 4.2.1.292, and Ice Lake before 4.2.0.334 [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
5- Range: before 4.0.1.1012 for Kaby Lake; before 4.1.0.568 for Coffee Lake; before 4.2.1.292 for Comet Lake; before 4.2.0.334 for Ice Lake
0+ 3 more
- (no CPE)range: 0
- (no CPE)range: 0
- (no CPE)range: 0
- (no CPE)range: 0
Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
1News mentions
0No linked articles in our index yet.