Phoenix was notified of a vulnerability in the UEFI variable interfaces of Phoenix SCT firmware code on some platforms that could potentially lead to a buffer overflow.
Tracked as CVE-2024-1598, this vulnerability affects devices using Phoenix SecureCore firmware running on Intel GeminiLake platforms.
Mitigations for CVE-2024-1598 were made available in April of 2024.
For device-specific information, please contact your system manufacturer.
Phoenix Technologies strongly recommends that customers update their firmware to the latest version and contact their hardware vendor as soon as possible to prevent any potential exploitation of this flaw.
Phoenix would like to thank Zichuan Li from Indiana University Bloomington for their collaboration in the coordinated disclosure of this vulnerability.