CVE-2024-0762 and my Thinkpad T480s

bkaral · Jun 20, 2024

Hi:

I just found out about CVE-2024-0762 AKA "UEFICANHAZBUFFEROVERFLOW" vulnerability. I went to Lenovo's website but found that the T480s wasn't in the table. So I'm not clear whether it's affected or not affected by the vulnerability.

I'm asking here first cause I usually find that any time I call Lenovo after warranty they are rather hostile and definitely not willing to help without a fee.

continuum · Jun 20, 2024

https://www.securityweek.com/hundreds-of-pc-server-models-possibly-affected-by-serious-phoenix-uefi-vulnerability/

Phoenix Technologies addressed the vulnerability in an advisory published in May, confirming that the SecureCore firmware running on Intel processor families such as Alder Lake, Coffee Lake, Comet Lake, Ice Lake, Jasper Lake, Kaby Lake, Meteor Lake, Raptor Lake, Rocket Lake, and Tiger Lake are impacted.

Looks like some systems do not have patched UEFI yet, but:

CVE-2024-0762 is the far right column and the T570 and T580 models of the same generation as yours show as "not affected" so honestly I wouldn't be stressing about it too much at this point. Keep your eyes on the link below (where the above screenshot is from) every few weeks to see if things change.

https://support.lenovo.com/us/en/product_security/LEN-158632

Search

Search

CVE-2024-0762 and my Thinkpad T480s

More options

bkaral

Ars Tribunus Militum

More options

continuum

Ars Legatus Legionis

More options