Medium severity 6.4 · NVD Advisory · Published Aug 26, 2024 · Updated Jun 28, 2026
CVE-2024-8105
Description
A vulnerability exists in UEFI implementations that use a hard-coded software-based Platform Key (PK). An attacker in possession of the corresponding PK private key can sign arbitrary UEFI executables or firmware components, causing them to be trusted by affected systems and potentially bypassing UEFI Secure Boot trust validation.
References (9)
- github.com/binarly-io/Vulnerability-REsearch/blob/main/PKfail/BRLY-2024-005.md (nvd)
- kb.cert.org/vuls/id/455367 (nvd)
- security.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-FJ-ISS-2024-072412-Security-Notice.pdf (nvd)
- uefi.org/specs/UEFI/2.9_A/32_Secure_Boot_and_Driver_Signing.html (nvd)
- www.binarly.io/advisories/brly-2024-005 (nvd)
- www.gigabyte.com/us/Support/Security/2205 (nvd)
- www.intel.com/content/www/us/en/security-center/announcement/intel-security-announcement-2024-07-25-001.html (nvd)
- www.kb.cert.org/vuls/id/455367 (nvd)
- www.supermicro.com/en/support/security_PKFAIL_Jul_2024 (nvd)