This major firmware flaw is affecting Intel-powered PCs across the world
A newly discovered bug would allow threat actors to run malicious code, remotely
Security experts recently found a new vulnerability in Intel CPUs which could allow threat actors to execute malicious code on the flawed devices, remotely.
The vulnerability is described as a buffer overflow bug, and was given a designation of CVE-2024-0762. Many Intel CPUs are said to be affected, including Alder Lake, Coffee Lake, Comet Lake, Ice Lake, Jasper Lake, Kaby Lake, Meteor Lake, Raptor Lake, Rocket Lake, and Tiger Lake.
The bug resides in Phoenix SecureCore UEFI firmware, and was dubbed “UEFICANHAZBUFFEROVERFLOW”. Cybersecurity researchers from Eclypsium, who discovered the bug, said they first found it on Lenovo ThinkPad X1 Carbon 7th Gen and X1 Yoga 4th Gen devices. However, given the number of different CPUs affected, the actual number of vulnerable endpoints is much, much higher.
Resolving the flaw
BleepingComputer says that Lenovo has already released new firmware updates to resolve the flaw. However, with the flaw affecting many different manufacturers, it might take more time for most of the devices to receive a patch. PC users would be wise to check with their manufacturer whether a patch has already been made available.
Describing the vulnerability, Eclypsium said they found it in the System Management Mode (SMM) subsystem of Phoenix SecureCore firmware, and that it allows threat actors to overwrite adjacent memory. By overwriting it with the right data, an attacker might elevate their privileges and gain the ability to launch code, remotely, with the help of malware known as a bootkit.
“The issue involves an unsafe variable in the Trusted Platform Module (TPM) configuration that could lead to a buffer overflow and potential malicious code execution,” Eclypsium said. “To be clear, this vulnerability lies in the UEFI code handling TPM configuration—in other words, it doesn’t matter if you have a security chip like a TPM if the underlying code is flawed.”
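The bug class Eclypsium describes, a stored configuration value copied into a fixed-size buffer without a length check, can be modelled in a few lines of C. This is an added illustration, not Phoenix or Eclypsium code: the article does not show the firmware source, and the structure names, the 16-byte buffer size and the guard value are all assumptions made for the sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define CFG_MAX 16            /* hypothetical size of the handler's fixed buffer */
#define GUARD   0xC0FFEE00u   /* constructed marker standing in for adjacent memory */
enum { CFG_OK = 0, CFG_TOO_LARGE = 1, CFG_BAD_ARG = 2 };

/* Constructed stand-in for a stored firmware variable; size is whatever was written. */
typedef struct { const uint8_t *data; size_t size; } nv_variable;

/* Handler state: the fixed buffer and the memory that sits right after it. */
typedef struct { uint8_t cfg[CFG_MAX]; size_t cfg_len; uint32_t guard; } handler_state;

/* Weak form: trusts the stored size, so size > CFG_MAX writes past cfg[]. */
int load_cfg_unchecked(handler_state *st, const nv_variable *var) {
    memcpy(st->cfg, var->data, var->size);
    st->cfg_len = var->size;
    return CFG_OK;
}

/* Hardened form: reject anything that does not fit before touching the buffer. */
int load_cfg_checked(handler_state *st, const nv_variable *var) {
    if (st == NULL || var == NULL || var->data == NULL)
        return CFG_BAD_ARG;
    if (var->size > sizeof st->cfg)
        return CFG_TOO_LARGE;      /* fail closed: state is left unmodified */
    memcpy(st->cfg, var->data, var->size);
    st->cfg_len = var->size;
    return CFG_OK;
}

/* Runs the hardened loader on `size` bytes (size <= 64); reports if the guard survived. */
int demo_checked(size_t size, int *guard_intact) {
    static uint8_t blob[64];   /* constructed sample variable contents */
    handler_state st = { {0}, 0, GUARD };
    nv_variable var = { blob, size };
    int rc;
    memset(blob, 0x41, sizeof blob);
    rc = load_cfg_checked(&st, &var);
    *guard_intact = (st.guard == GUARD);
    return rc;
}

int main(void) {
    int ok, rc = demo_checked(64, &ok);
    printf("64-byte variable: rc=%d guard_intact=%d\n", rc, ok);
    return 0;
}
```

The hardened loader returns `CFG_TOO_LARGE` for any stored value longer than the buffer and leaves the neighbouring field untouched, which is the property the unchecked form lacks.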
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.