Cybersecurity researchers recently revealed a critical security flaw in Phoenix SecureCore UEFI firmware, impacting various Intel Core desktop and mobile processors. Known as CVE-2024-0762, this vulnerability, dubbed "UEFIcanhazbufferoverflow," allows a local attacker to attain elevated privileges and execute malicious code in the UEFI firmware during runtime. This vulnerability was addressed by Phoenix Technologies in April 2024, with Lenovo releasing updates shortly after. The exploit affects devices using Phoenix SecureCore firmware on specific Intel processor families. UEFI, crucial firmware that initializes hardware and loads the operating system, is an attractive target for threat actors seeking to install bootkits and persistence-improving implants. Discovering vulnerabilities in UEFI poses a significant supply chain risk, affecting various products and vendors simultaneously. This development follows previous disclosures of UEFI vulnerabilities, emphasizing the ongoing importance of securing firmware against cyber threats.