
Is anybody on a Phoenix EFI?

Phoenix EFI?

  • Nope, way too application specific or not threatening enough. Not doing that.

    Votes: 2 66.7%
  • Yup, this is either gonna monkeybranch or hockeystick real soon. Correcting course nao.

    Votes: 0 0.0%
  • Phoenix who?

    Votes: 1 33.3%

  • Total voters
    3
Joined
Jan 2, 2024
Messages
329 (1.68/day)
Location
Seattle
If you're a human, probably something new to keep you up at night.
If you're an actively learning machine, your snifferer is snackin good tonight.
I found this an hour ago and it reminded me of a post from last month.


It's been ages since I've ever seen or heard of a Phoenix BIOS anywhere but this is the first mention I've seen of them anywhere near UEFI.
Guess that's just the world we live in but this definitely means other compromises exist or it will be a short run before discovery, especially as AI does all the footwork.

Title: UEFICanIHazBufferOverFlow bug
Record: CVE-2024-0762
Assigner: Phoenix Technologies, Inc.
Published: 2024-05-14
Updated: 2024-05-14
Title: Potential Buffer Overflow When Handling UEFI Variables

Description

Potential buffer overflow in unsafe UEFI variable handling in Phoenix SecureCore™ for select Intel platforms. This issue affects:
Phoenix SecureCore™ for Intel Kaby Lake: from 4.0.1.1 before 4.0.1.998;
Phoenix SecureCore™ for Intel Coffee Lake: from 4.1.0.1 before 4.1.0.562;
Phoenix SecureCore™ for Intel Ice Lake: from 4.2.0.1 before 4.2.0.323;
Phoenix SecureCore™ for Intel Comet Lake: from 4.2.1.1 before 4.2.1.287;
Phoenix SecureCore™ for Intel Tiger Lake: from 4.3.0.1 before 4.3.0.236;
Phoenix SecureCore™ for Intel Jasper Lake: from 4.3.1.1 before 4.3.1.184;
Phoenix SecureCore™ for Intel Alder Lake: from 4.4.0.1 before 4.4.0.269;
Phoenix SecureCore™ for Intel Raptor Lake: from 4.5.0.1 before 4.5.0.218;
Phoenix SecureCore™ for Intel Meteor Lake: from 4.5.1.1 before 4.5.1.15.

Score 7.5
Severity HIGH
Version 3.1
Vector String CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

As mentioned, it's been a while since I've heard of anything Phoenix and it makes sense seeing how all the currently listed vulns are on Intel specific equipment. I'm sure there will be stuff listed for AMD in the future but it's absolutely wild that this is a recent discovery and I'm just finally hearing anything about it. How did this one go under the radar? I've seen ONE post in the past month with concerns about UEFI malware and while it sounds like a lot of work and something only very specific types of people should ever have to worry about, it no longer seems like such an outrageous possibility given the recent history of supply chain attacks and how entire digital ecosystems can just grind to a halt over some squirrely chunk of code.

So now we're going to invariably see two camps screeching at each other in defensive state to avoid getting bricked/pwned:
1. Yeah never update, the updates are how the attacks have any teeth and the risk of bricking has always been way too unacceptably high.
2. Yeah always update, they protect us better from stuff like this which will inevitably lock in and become the new heavy hitting threat to us all.
Wat do?
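A way to check a firmware build against the affected ranges in the CVE record quoted above, as an added example that is not part of the original post. It assumes you already have the four-part SecureCore version for your machine (for instance from the OEM's advisory or release notes) and that the first three components identify the platform branch, as they do in every listed range; the function names are illustrative.

```python
import re

# Affected ranges exactly as listed in the CVE-2024-0762 record quoted in the post.
ADVISORY = """\
Phoenix SecureCore™ for Intel Kaby Lake: from 4.0.1.1 before 4.0.1.998;
Phoenix SecureCore™ for Intel Coffee Lake: from 4.1.0.1 before 4.1.0.562;
Phoenix SecureCore™ for Intel Ice Lake: from 4.2.0.1 before 4.2.0.323;
Phoenix SecureCore™ for Intel Comet Lake: from 4.2.1.1 before 4.2.1.287;
Phoenix SecureCore™ for Intel Tiger Lake: from 4.3.0.1 before 4.3.0.236;
Phoenix SecureCore™ for Intel Jasper Lake: from 4.3.1.1 before 4.3.1.184;
Phoenix SecureCore™ for Intel Alder Lake: from 4.4.0.1 before 4.4.0.269;
Phoenix SecureCore™ for Intel Raptor Lake: from 4.5.0.1 before 4.5.0.218;
Phoenix SecureCore™ for Intel Meteor Lake: from 4.5.1.1 before 4.5.1.15.
"""
VER = r"\d+(?:\.\d+){3}"  # exactly four dotted numeric components
LINE_RE = re.compile(rf"for Intel ([A-Za-z ]+): from ({VER}) before ({VER})")


def parse_version(text):
    """'4.4.0.268' -> (4, 4, 0, 268); raises ValueError on anything else."""
    if not re.fullmatch(VER, text.strip()):
        raise ValueError(f"not a four-part version: {text!r}")
    return tuple(int(p) for p in text.strip().split("."))


def load_ranges(advisory=ADVISORY):
    """Map platform name -> (first affected, first fixed) version tuples."""
    return {m[1].lower(): (parse_version(m[2]), parse_version(m[3]))
            for m in LINE_RE.finditer(advisory)}


def status(platform, version):
    """Classify one SecureCore version against the advisory ranges."""
    ranges = load_ranges()
    key = platform.strip().lower()
    if key not in ranges:
        return "not-listed"
    first, fixed = ranges[key]
    v = parse_version(version)
    # Assumption: the first three components name the platform branch, as in
    # every range above; a version from another branch cannot be compared.
    if v[:3] != first[:3]:
        return "other-branch"
    if v < first:
        return "below-listed-range"
    return "affected" if v < fixed else "fixed"
```

A result of "not-listed" or "other-branch" means the record says nothing about that build, not that the build is safe.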
 
Joined
Jan 5, 2006
Messages
18,347 (2.71/day)
Eclypsium discovered the bug in the Lenovo ThinkPad X1 Carbon 7th Gen and X1 Yoga 4th Gen.

 
Joined
Aug 20, 2007
Messages
20,987 (3.40/day)
A lot more people are using Phoenix UEFI code than realize it.
 
Joined
Oct 24, 2020
Messages
455 (0.33/day)
Location
Belgium
I was tinkering with a retro PC (so not EFI) and at first sight it was an AMI BIOS on the boot screen.
But on closer inspection, for a split second the first text on the screen was in fact "Phoenix".
So, if your monitor is slow in switching modes then you would not notice this at all.
Phoenix really never was away, just not in the forefront?
 
Joined
Jan 5, 2006
Messages
18,347 (2.71/day)
According to toms:

impacting Lenovo, AMI, Insyde, and Intel motherboard firmware.

However I can't find them all mentioned in

 
Joined
Jan 29, 2023
Messages
989 (1.85/day)
Phoenix can't die, if it dies it is reborn from its cinders ;)
 
Joined
Jul 25, 2006
Messages
12,518 (1.91/day)
Location
Nebraska, USA
:( This sounds like a bunch of FUD to me.

First, can anyone name a single developer of BIOS or UEFI code that has never-ever had a vulnerability?

Second, I think it important to note UEFI developers are not out there on their own creating their own versions willy-nilly based on their own set of proprietary criteria. UEFI specifications, a set of industry standard specs, are developed by a consortium of major hardware and software players (many are major competitors) in the industry known as the UEFI Forum. Membership includes many 100s in those industries around the globe, including Apple, Dell, IBM, Google, Microsoft, Linux Foundation, WD, Zoom, Acer, MSI, LG, Matrox, Micron, ASUS, AMD, Intel, Cisco, Cray, Samsung, Symantec, Gigabyte, and many others. I note Phoenix Technologies is one of those on the Board of Directors, along with AMI (another major BIOS/UEFI developer) and others.

Finally, as noted in that Eclypsium Automata article (my bold underline added),
"The vulnerability allows a local attacker..."
A "local" attacker. That means someone has to be sitting down in your chair and already has access to your computer - not to mention, know what they are doing.

Is that possible? Of course! But how likely?

Yes, UEFI rootkits are a growing serious threat and are not to be taken lightly or ignored. But let's be careful to keep the warnings proportional to the real-world, current threat, as well as who we point fingers at.

Edit comment: Fixed a couple typos.
 