mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-31 02:31:22 +00:00
37 lines
1.3 KiB
JSON
37 lines
1.3 KiB
JSON
|
{
|
||
|
|
"id": "CVE-2024-8105",
|
||
|
|
"sourceIdentifier": "cret@cert.org",
|
||
|
|
"published": "2024-08-26T20:15:08.380",
|
||
|
|
"lastModified": "2024-08-26T20:15:08.380",
|
||
|
|
"vulnStatus": "Received",
|
||
|
|
"cveTags": [],
|
||
|
|
"descriptions": [
|
||
|
|
{
|
||
|
|
"lang": "en",
|
||
|
|
"value": "A vulnerability related to the use an insecure Platform Key (PK) has been discovered. An attacker with the compromised PK private key can create malicious UEFI software that is signed with a trusted key that has been compromised."
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"metrics": {},
|
||
|
|
"references": [
|
||
|
|
{
|
||
|
|
"url": "https://github.com/binarly-io/Vulnerability-REsearch/blob/main/PKfail/BRLY-2024-005.md",
|
||
|
|
"source": "cret@cert.org"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"url": "https://security.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-FJ-ISS-2024-072412-Security-Notice.pdf",
|
||
|
|
"source": "cret@cert.org"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"url": "https://uefi.org/specs/UEFI/2.9_A/32_Secure_Boot_and_Driver_Signing.html",
|
||
|
|
"source": "cret@cert.org"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"url": "https://www.intel.com/content/www/us/en/security-center/announcement/intel-security-announcement-2024-07-25-001.html",
|
||
|
|
"source": "cret@cert.org"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"url": "https://www.supermicro.com/en/support/security_PKFAIL_Jul_2024",
|
||
|
|
"source": "cret@cert.org"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
}
|