Phoenix has identified a potential vulnerability that involves unsafe UEFI variable handling in Phoenix SCT Firmware, potentially leading to unsafe memory access that could cause temporary denial of service.
Tracked under CVE-2024-29980 this vulnerability affects devices using Phoenix SCT firmware on select Intel processor families including: IceLake, CometLake, CoffeeLake, and KabyLake, and SkyLake.
CVE-2024-29980 affects Phoenix SCT’s usage of an Intel-specific UEFI variable on the specified platforms.
The last patches for this CVE were made available to partners as of August 2024.
For device-specific information, please contact your system manufacturer.
Phoenix Technologies strongly recommends customers to update their firmware to the latest version and contact their hardware vendor as soon as possible to prevent any potential exploitation of this flaw.
