Firmware flaw affects numerous generations of Intel CPUs — UEFI code execution vulnerability found for Intel CPUs from 14th Gen Raptor Lake to 6th Gen Skylake CPUs, and TPM will not save you

[Pelican Press 0]

Firmware flaw affects numerous generations of Intel CPUs — UEFI code ********** vulnerability found for Intel CPUs from 14th Gen Raptor Lake to 6th Gen Skylake CPUs, and TPM will not save you

Using its automated binary analysis system Eclypsium Automata,

This is the hidden content, please

• Sign In
• or
• Sign Up

has uncovered the existence of high-impact security vulnerabilities in Phoenix SecureCore UEFI firmware used by a wide variety of motherboard providers and Intel CPUs spanning from 14th Gen to 6th Gen—all the “Lakes” in other words. This vulnerability also extends to several other UEFI BIOS vendors, including

This is the hidden content, please

• Sign In
• or
• Sign Up

. Phoenix is the latest to join the list.

The specific Phoenix SecureCore UEFI firmware vulnerability that prompted this posting is referred to as “UEFIcanhazbufferoverflow” by Eclypsium, which is just a funny way of pointing out that this is a buffer overflow exploit. The specific method in which the “UEFIcanhazbufferoverflow” exploit works is by using an unsafe call to the “GetVariable” UEFI service.

By making unsafe calls, a stack buffer overflow can be created, allowing for arbitrary code to be *********. In the BIOS or its modern counterpart, the UEFI, even a buffer overflow allows for full-system access and control to be gained very quickly, and the consequences of that happening can be challenging to remove from a PC permanently. Sometimes, it may even be impossible without replacing the machine entirely— and that’s not counting passwords and such that may become compromised and still need changing between machines.

Any potentially impacted Intel user should update their BIOS to protect from this issue as soon as possible, though not before creating backups of important files and the original BIOS just in case something goes wrong. Since exploits impacting UEFI are as close to Layer 0 as they get with PC hardware, it’s essential for all parties involved to act as quickly and safely as possible.

As noted by Eclypsium, this Phoenix vulnerability was discovered in a hands-off manner by its Automata security system, which is an automated binary analysis system using the research data of Eclypsium’s own researchers. While there are certainly issues with things like AI-written code and AI “generated” art, it’s always nice to see cutting-edge AI and machine learning tech put toward something useful for humanity.

Get Tom’s Hardware’s best news and in-depth reviews, straight to your inbox.

This is the hidden content, please

• Sign In
• or
• Sign Up

#Firmware #flaw #affects #numerous #generations #Intel #CPUs #UEFI #code #********** #vulnerability #Intel #CPUs #14th #Gen #Raptor #Lake #6th #Gen #Skylake #CPUs #TPM #save

This is the hidden content, please

• Sign In
• or
• Sign Up

For verified travel tips and real support, visit: https://hopzone.eu/