If you're a human, probably something new to keep you up at night.
If you're an actively learning machine, your snifferer is snackin good tonight.
I found this an hour ago and it reminded me of a post from last month.
It's been ages since I've ever seen or heard of a Phoenix BIOS anywhere but this is the first mention I've seen them anywhere near UEFI.
Guess that's just the world we live in but this definitely means other compromises exist or it will be a short run before discovery, especially as AI does all the footwork.
Title: UEFICanIHazBufferOverFlow bug
Record: CVE-2024-0762
Assigner: Phoenix Technologies, Inc.
Published: 2024-05-14
Updated: 2024-05-14
Title: Potential Buffer Overflow When Handling UEFI Variables
Description
Potential buffer overflow in unsafe UEFI variable handling in Phoenix SecureCore™ for select Intel platforms. This issue affects:
Phoenix SecureCore™ for Intel Kaby Lake: from 4.0.1.1 before 4.0.1.998;
Phoenix SecureCore™ for Intel Coffee Lake: from 4.1.0.1 before 4.1.0.562;
Phoenix SecureCore™ for Intel Ice Lake: from 4.2.0.1 before 4.2.0.323;
Phoenix SecureCore™ for Intel Comet Lake: from 4.2.1.1 before 4.2.1.287;
Phoenix SecureCore™ for Intel Tiger Lake: from 4.3.0.1 before 4.3.0.236;
Phoenix SecureCore™ for Intel Jasper Lake: from 4.3.1.1 before 4.3.1.184;
Phoenix SecureCore™ for Intel Alder Lake: from 4.4.0.1 before 4.4.0.269;
Phoenix SecureCore™ for Intel Raptor Lake: from 4.5.0.1 before 4.5.0.218;
Phoenix SecureCore™ for Intel Meteor Lake: from 4.5.1.1 before 4.5.1.15.
Score: 7.5
Severity: HIGH
CVSS Version: 3.1
Vector String: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
As mentioned, it's been a while since I've heard of anything Phoenix and it makes sense seeing how all the currently listed vulns are on Intel specific equipment. I'm sure there will be stuff listed for AMD in the future but it's absolutely wild that this is a recent discovery and I'm just finally hearing anything about it. How did this one go under the radar? I've seen ONE post in the past month with concerns about UEFI malware and while it sounds like a lot of work and something only very specific types of people should ever have to worry about, it no longer seems like such an outrageous possibility given the recent history of supply chain attacks and how entire digital ecosystems can just grind to a halt over some squirrely chunk of code.
So now we're going to invariably see two camps screeching at each other in defensive state to avoid getting bricked/pwned:
1. Yeah never update, the updates are how the attacks have any teeth and the risk of bricking has always been way too unacceptably high.
2. Yeah always update, they protect us better from stuff like this which will inevitably lock in and become the new heavy hitting threat to us all.
Wat do?