ByteOS Network

Vulnerability Details :

CVE-2024-1598

Assigner Org ID-22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de

Published At-14 May, 2024 | 14:56

Updated At-28 Jul, 2025 | 20:53

Potential buffer overflow when handling UEFI variables

Potential buffer overflow in unsafe UEFI variable handling in Phoenix SecureCore™ for Intel Gemini Lake.This issue affects: SecureCore™ for Intel Gemini Lake: from 4.1.0.1 before 4.1.0.567.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:Phoenix

Assigner Org ID:22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de

Published At:14 May, 2024 | 14:56

Updated At:28 Jul, 2025 | 20:53

▼CVE Numbering Authority (CNA)

Potential buffer overflow when handling UEFI variables

Potential buffer overflow in unsafe UEFI variable handling in Phoenix SecureCore™ for Intel Gemini Lake.This issue affects: SecureCore™ for Intel Gemini Lake: from 4.1.0.1 before 4.1.0.567.

Affected Products

Vendor

Phoenix

Product

SecureCore™ for Intel Gemini Lake

Default Status

unaffected

Versions

Affected

From 4.1.0.1 before 4.1.0.567 (custom)

Metrics

Version	Base score	Base severity	Vector
3.1	7.5	HIGH	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Version: 3.1

Base score: 7.5

Base severity: HIGH

Vector:

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Credits

finder

Zichuan Li from Indiana University Bloomington

References

Hyperlink	Resource
https://phoenixtech.com/phoenix-security-notifications/cve-2024-1598/	N/A

Hyperlink: https://phoenixtech.com/phoenix-security-notifications/cve-2024-1598/

Resource: N/A

▼Authorized Data Publishers (ADP)

1. CISA ADP Vulnrichment

Affected Products

Vendor

phoenix

Product

securecore_technology

CPEs

cpe:2.3:a:phoenix:securecore_technology:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 4.1.0.1 before 4.1.0.567 (custom)

Problem Types

Type	CWE ID	Description
CWE	CWE-121	CWE-121 Stack-based Buffer Overflow

Type: CWE

CWE ID: CWE-121

Description: CWE-121 Stack-based Buffer Overflow

Metrics Other Info

2. CVE Program Container

References

Hyperlink	Resource
https://www.phoenix.com/security-notifications/cve-2024-1598/	x_transferred

Hyperlink: https://www.phoenix.com/security-notifications/cve-2024-1598/

Resource:

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de

Published At:14 May, 2024 | 16:15

Updated At:28 Jul, 2025 | 21:15

Potential buffer overflow in unsafe UEFI variable handling in Phoenix SecureCore™ for Intel Gemini Lake.This issue affects: SecureCore™ for Intel Gemini Lake: from 4.1.0.1 before 4.1.0.567.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	7.5	HIGH	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Type: Secondary

Version: 3.1

Base score: 7.5

Base severity: HIGH

Vector:

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Weaknesses

CWE ID	Type	Source
CWE-121	Secondary	134c704f-9b21-4f2e-91b3-4a467353bcc0

CWE ID: CWE-121

Type: Secondary

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

References

Hyperlink	Source	Resource
https://phoenixtech.com/phoenix-security-notifications/cve-2024-1598/	22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de	N/A
https://www.phoenix.com/security-notifications/cve-2024-1598/	af854a3a-2127-422b-91ae-364da2661108	N/A

Hyperlink: https://phoenixtech.com/phoenix-security-notifications/cve-2024-1598/

Source: 22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de

Resource: N/A

Hyperlink: https://www.phoenix.com/security-notifications/cve-2024-1598/

Source: af854a3a-2127-422b-91ae-364da2661108

Resource: N/A

Similar CVEs

6Records found

CVE-2024-0762

Matching Score-8

Assigner-Phoenix Technologies, Inc.

View Details

Matching Score-8

Assigner-Phoenix Technologies, Inc.

CVSS Score-7.5||HIGH

EPSS-0.22% / 44.77%

7 Day CHG~0.00%

Published-14 May, 2024 | 14:56

Updated-28 Jul, 2025 | 21:15

Potential buffer overflow when handling UEFI variables

Potential buffer overflow in unsafe UEFI variable handling in Phoenix SecureCore™ for select Intel platforms This issue affects: Phoenix SecureCore™ for Intel Kaby Lake: from 4.0.1.1 before 4.0.1.998; Phoenix SecureCore™ for Intel Coffee Lake: from 4.1.0.1 before 4.1.0.562; Phoenix SecureCore™ for Intel Ice Lake: from 4.2.0.1 before 4.2.0.323; Phoenix SecureCore™ for Intel Comet Lake: from 4.2.1.1 before 4.2.1.287; Phoenix SecureCore™ for Intel Tiger Lake: from 4.3.0.1 before 4.3.0.236; Phoenix SecureCore™ for Intel Jasper Lake: from 4.3.1.1 before 4.3.1.184; Phoenix SecureCore™ for Intel Alder Lake: from 4.4.0.1 before 4.4.0.269; Phoenix SecureCore™ for Intel Raptor Lake: from 4.5.0.1 before 4.5.0.218; Phoenix SecureCore™ for Intel Meteor Lake: from 4.5.1.1 before 4.5.1.15.

Vendor-Phoenix phoenix

Product-SecureCore™ for Intel Comet Lake SecureCore™ for Intel Alder Lake SecureCore™ for Intel Meteor Lake SecureCore™ for Intel Tiger Lake SecureCore™ for Intel Jasper Lake SecureCore™ for Intel Kaby Lake SecureCore™ for Intel Coffee Lake SecureCore™ for Intel Raptor Lake SecureCore™ for Intel Ice Lake securecore_technology

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2021-21574

Matching Score-4

Assigner-Dell

View Details

Matching Score-4

Assigner-Dell

CVSS Score-7.2||HIGH

EPSS-0.09% / 26.21%

7 Day CHG~0.00%

Published-24 Jun, 2021 | 17:00

Updated-16 Sep, 2024 | 21:08

Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin user with local access to the system may potentially exploit this vulnerability to run arbitrary code and bypass UEFI restrictions.

Vendor-Dell Inc.

CWE ID-CWE-121

Stack-based Buffer Overflow

CWE ID-CWE-787

Out-of-bounds Write

CVE-2022-34403

Matching Score-4

Assigner-Dell

View Details

Matching Score-4

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.04% / 10.39%

7 Day CHG~0.00%

Published-01 Feb, 2023 | 05:19

Updated-26 Mar, 2025 | 18:54

Dell BIOS contains a Stack based buffer overflow vulnerability. A local authenticated attacker could potentially exploit this vulnerability by using an SMI to send larger than expected input to a parameter to gain arbitrary code execution in SMRAM.

Vendor-Dell Inc.

CWE ID-CWE-121

Stack-based Buffer Overflow

CWE ID-CWE-787

Out-of-bounds Write

CVE-2022-34401

Matching Score-4

Assigner-Dell

View Details

Matching Score-4

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.03% / 6.00%

7 Day CHG~0.00%

Published-18 Jan, 2023 | 05:51

Updated-03 Apr, 2025 | 19:42

Dell BIOS contains a stack based buffer overflow vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to send larger than expected input to a parameter in order to gain arbitrary code execution in SMRAM.

Vendor-Dell Inc.

Product-g15_5525_firmware alienware_m17_r5_firmware alienware_m15_a6_firmware g15_5525 alienware_m15_a6 alienware_m17_r5 CPG BIOS

CWE ID-CWE-121

Stack-based Buffer Overflow

CWE ID-CWE-787

Out-of-bounds Write

CVE-2022-26860

Matching Score-4

Assigner-Dell

View Details

Matching Score-4

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.02% / 3.60%

7 Day CHG~0.00%

Published-06 Sep, 2022 | 20:15

Updated-17 Sep, 2024 | 04:04

Dell BIOS versions contain a stack-based buffer overflow vulnerability. A local attacker could exploit this vulnerability by sending malicious input via SMI to bypass security checks resulting in arbitrary code execution in SMM.

Vendor-Dell Inc.

CWE ID-CWE-121

Stack-based Buffer Overflow

CWE ID-CWE-787

Out-of-bounds Write

CVE-2021-21573

Matching Score-4

Assigner-Dell

View Details

Matching Score-4

Assigner-Dell

CVSS Score-7.2||HIGH

EPSS-0.05% / 13.28%

7 Day CHG~0.00%

Published-24 Jun, 2021 | 17:00

Updated-17 Sep, 2024 | 01:11

Vendor-Dell Inc.

CWE ID-CWE-121

Stack-based Buffer Overflow

CWE ID-CWE-787

Out-of-bounds Write

CVE-2024-1598

Credits

Potential buffer overflow when handling UEFI variables

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs