CVE-2024-8105
MEDIUMAcer vz2694g, Aspire S 27, Aspire S32-1856, Aspire XC-1710 - Insecure Platform Key Usage
Title source: llmDescription
A vulnerability exists in UEFI implementations that use a hard-coded software-based Platform Key (PK). An attacker in possession of the corresponding PK private key can sign arbitrary UEFI executables or firmware components, causing them to be trusted by affected systems and potentially bypassing UEFI Secure Boot trust validation.
References (9)
Core 9
Core References
Various Sources product
technical-description
https://uefi.org/specs/UEFI/2.9_A/32_Secure_Boot_and_Driver_Signing.html
Various Sources technical-description
https://www.binarly.io/advisories/brly-2024-005
Third Party Advisory, US Government Resource third-party-advisory
https://kb.cert.org/vuls/id/455367
Various Sources technical-description
signature
https://github.com/binarly-io/Vulnerability-REsearch/blob/main/PKfail/BRLY-2024-005.md
Various Sources vendor-advisory
https://www.supermicro.com/en/support/security_PKFAIL_Jul_2024
Various Sources vendor-advisory
https://www.intel.com/content/www/us/en/security-center/announcement/intel-security-announcement-2024-07-25-001.html
Various Sources vendor-advisory
https://security.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-FJ-ISS-2024-072412-Security-Notice.pdf
Various Sources vendor-advisory
https://www.gigabyte.com/us/Support/Security/2205
Third Party Advisory, US Government Resource
https://www.kb.cert.org/vuls/id/455367
Scores
CVSS v3
6.4
EPSS
0.0024
EPSS Percentile
15.0%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
Status
published
Products (50)
Acer/altos r680 f4
a2679a9595a104d70bddc024dbc4f65f0dc9d906f30a0d1ae6b996b14246a6c2
Acer/altos r680s f4
e5fdaabf11b236c5c7b040d674936e84db746a180ab9999317e16dcb77aeeba4
Acer/aspire c22-1600
d938d08543d35d4249a51057c1d9c62bb1f6440af19913c5feffcea47dd3de95
Acer/aspire s 27
2bd2bfaf79a72eaca45e544e5c6a5bb842b292bdc229b8975b3101a4013e0d5f
Acer/aspire s32-1856
29837e239487cc83818a7f40f9280d9692a50376487899edd603494b0f30e4c5
Acer/aspire xc-1710
cdaa406bda1a58fbe9933622dec218a26f79871d42f0d3576fbf878e51a16201
Acer/c24-1655
399f68dc94a6c42030efcd57fd034ff721f860b7b5d447779e7a6a6c99aba34f
Acer/c24-962
3d525f96f63995c51ab1bcd2c50ebb71661ffeca9f78f97cc97e851d0e2bbbdd
Acer/vz2694g
d61d0e09d008bfb29bc32532b1b94fcc4ee2af5e8372c6d38722a4e73ecc71d6
Aopen/iAPLx-DE(TAA30 TEST)
94c6f84946db100b505af8a308f69ef6cddc2e310b50641a6e2e63bc9aed54e0
... and 40 more
Published
Aug 26, 2024
Tracked Since
Feb 18, 2026