Unrated severity · NVD Advisory · Published Jan 14, 2025 · Updated Jul 28, 2025

Unsafe Handling of IHV UEFI Variables

CVE-2024-29980

Description

Improper exception handling in Phoenix SecureCore firmware for Intel CPUs allows manipulation of UEFI variables, potentially enabling denial of service.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.


Vulnerability

CVE-2024-29980 is an improper check for unusual or exceptional conditions in Phoenix SecureCore™ firmware for select Intel processor families: Kaby Lake, Coffee Lake, Comet Lake, and Ice Lake. The vulnerability involves unsafe handling of an Intel-specific UEFI variable, which can lead to unsafe memory access and input data manipulation. Affected firmware versions are: SecureCore™ for Intel Kaby Lake before 4.0.1.1012; for Intel Coffee Lake before 4.1.0.568; for Intel Comet Lake before 4.2.1.292; for Intel Ice Lake before 4.2.0.334. The vulnerability was reported to affect devices using Phoenix SCT firmware on these platforms [1].

Exploitation

To exploit this vulnerability, an attacker must have local access or the ability to modify UEFI variables through a privileged process. The exact exploitation steps involve manipulating the specific UEFI variable to trigger an unsafe memory access condition, potentially leading to a temporary denial of service. No user interaction is required beyond the attacker's ability to write to the variable [1].

Impact

Successful exploitation allows an attacker to cause a temporary denial of service due to unsafe memory access. The impact is limited to availability (CIA: A), with no confidentiality or integrity compromise confirmed by the vendor. The attacker does not gain elevated privileges beyond the ability to write the specific UEFI variable [1].

Mitigation

The vendor released patches for this CVE to partners in August 2024. Users should update their firmware to the latest version by contacting their system manufacturer. The fixed versions are: SecureCore™ for Intel Kaby Lake 4.0.1.1012 or later; for Coffee Lake 4.1.0.568 or later; for Comet Lake 4.2.1.292 or later; for Ice Lake 4.2.0.334 or later [1].
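An added example (not vendor or Phoenix code) of checking an asset inventory against the fixed versions listed above. It assumes the inventory already records each device's platform name and SecureCore version as a four-field dotted string, and that versions order numerically field by field; the record layout and sample hosts are constructed for illustration.

```python
# Added example, not vendor code. Thresholds are the fixed versions quoted above.
FIXED = {
    "kaby lake": (4, 0, 1, 1012),
    "coffee lake": (4, 1, 0, 568),
    "comet lake": (4, 2, 1, 292),
    "ice lake": (4, 2, 0, 334),
}


def parse_version(text):
    """Return a 4-tuple of ints for 'a.b.c.d', or None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def assess(platform, version):
    """Classify one device as vulnerable / fixed / not-listed / unknown-version."""
    fixed = FIXED.get(platform.strip().lower())
    if fixed is None:
        return "not-listed"          # platform is not named in the advisory
    parsed = parse_version(version)
    if parsed is None:
        return "unknown-version"     # route to manual review, never assume fixed
    # Assumption: versions order numerically field by field. A string compare
    # would wrongly rank "4.1.0.99" above "4.1.0.568".
    return "vulnerable" if parsed < fixed else "fixed"


def triage(inventory):
    """Map each hostname to its status for a list of inventory records."""
    return {d["host"]: assess(d["platform"], d["version"]) for d in inventory}


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    {"host": "lab-01", "platform": "Coffee Lake", "version": "4.1.0.99"},
    {"host": "lab-02", "platform": "Coffee Lake", "version": "4.1.0.568"},
    {"host": "lab-03", "platform": "Kaby Lake", "version": "4.0.1.1011"},
    {"host": "lab-04", "platform": "Ice Lake", "version": "unknown"},
    {"host": "lab-05", "platform": "Tiger Lake", "version": "4.3.0.12"},
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Devices reported as `unknown-version` should be treated as unpatched until their firmware version is confirmed.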

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.


Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

1
