Phoenix has identified a potential vulnerability that involves unsafe UEFI variable handling in Phoenix SCT Firmware, potentially leading to unsafe memory access that could cause temporary denial of service.
Tracked under CVE-2024-29979, this vulnerability affects devices using Phoenix SCT firmware on select Intel processor families including: IceLake, CometLake, CoffeeLake, and KabyLake.
CVE-2024-29979 affects Phoenix SCT’s usage of a Phoenix-specific UEFI variable on the specified platforms.
The last patches for this CVE were made available to partners as of August 2024.
For device-specific information, please contact your system manufacturer.
Phoenix Technologies strongly recommends customers to update their firmware to the latest version and contact their hardware vendor as soon as possible to prevent any potential exploitation of this flaw.
