Phoenix was notified about a vulnerability in a Windows kernel driver that was distributed as a part of our Phoenix Tools Subscription. The vulnerability would have allowed a potential escalation of privilege in the system by a malicious Windows application utilizing the driver.
Tracked under CVE-2023-35841, this vulnerability affects versions of the WinFlash driver older than 4.5.0.0, and has been patched in all releases newer than 4.5.0.0.
Phoenix would like to thank Takahiro Haruyama of Broadcom for their collaboration in coordinated disclosure for this vulnerability.