CVE-2024-8105

MEDIUM

Acer vz2694g, Aspire S 27, Aspire S32-1856, Aspire XC-1710 - Insecure Platform Key Usage

Title source: llm
STIX 2.1

Description

A vulnerability related to the use an insecure Platform Key (PK) has been discovered. An attacker with the compromised PK private key can create malicious UEFI software that is signed with a trusted key that has been compromised.

References (9)

Core 9
Core References
Third Party Advisory, US Government Resource
https://www.kb.cert.org/vuls/id/455367
Various Sources product technical-description
https://uefi.org/specs/UEFI/2.9_A/32_Secure_Boot_and_Driver_Signing.html
Various Sources technical-description
https://www.binarly.io/advisories/brly-2024-005
Third Party Advisory, US Government Resource third-party-advisory
https://kb.cert.org/vuls/id/455367
Various Sources vendor-advisory
https://www.gigabyte.com/us/Support/Security/2205

Scores

CVSS v3 6.4
EPSS 0.0001
EPSS Percentile 2.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

Status published
Products (50)
Acer/altos r680 f4 a2679a9595a104d70bddc024dbc4f65f0dc9d906f30a0d1ae6b996b14246a6c2
Acer/altos r680s f4 e5fdaabf11b236c5c7b040d674936e84db746a180ab9999317e16dcb77aeeba4
Acer/aspire c22-1600 d938d08543d35d4249a51057c1d9c62bb1f6440af19913c5feffcea47dd3de95
Acer/aspire s 27 2bd2bfaf79a72eaca45e544e5c6a5bb842b292bdc229b8975b3101a4013e0d5f
Acer/aspire s32-1856 29837e239487cc83818a7f40f9280d9692a50376487899edd603494b0f30e4c5
Acer/aspire xc-1710 cdaa406bda1a58fbe9933622dec218a26f79871d42f0d3576fbf878e51a16201
Acer/c24-1655 399f68dc94a6c42030efcd57fd034ff721f860b7b5d447779e7a6a6c99aba34f
Acer/c24-962 3d525f96f63995c51ab1bcd2c50ebb71661ffeca9f78f97cc97e851d0e2bbbdd
Acer/vz2694g d61d0e09d008bfb29bc32532b1b94fcc4ee2af5e8372c6d38722a4e73ecc71d6
Aopen/iAPLx-DE(TAA30 TEST) 94c6f84946db100b505af8a308f69ef6cddc2e310b50641a6e2e63bc9aed54e0
... and 40 more
Published Aug 26, 2024
Tracked Since Feb 18, 2026