Metrics
Affected Vendors & Products
Sun, 28 Jun 2026 20:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A vulnerability related to the use an insecure Platform Key (PK) has been discovered. An attacker with the compromised PK private key can create malicious UEFI software that is signed with a trusted key that has been compromised. | A vulnerability exists in UEFI implementations that use a hard-coded software-based Platform Key (PK). An attacker in possession of the corresponding PK private key can sign arbitrary UEFI executables or firmware components, causing them to be trusted by affected systems and potentially bypassing UEFI Secure Boot trust validation. |
Mon, 25 Aug 2025 21:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Mon, 09 Sep 2024 22:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
cvssV3_1
|
cvssV3_1
|
Mon, 09 Sep 2024 21:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
Fri, 30 Aug 2024 20:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
Fri, 30 Aug 2024 09:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-1394 | |
| References |
| |
| Metrics |
threat_severity
|
cvssV3_1
|
Mon, 26 Aug 2024 19:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
Mon, 26 Aug 2024 19:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A vulnerability related to the use an insecure Platform Key (PK) has been discovered. An attacker with the compromised PK private key can create malicious UEFI software that is signed with a trusted key that has been compromised. | |
| Title | Insecure Platform Key (PK) used in UEFI system firmware signature | |
| References |
|
Status: PUBLISHED
Assigner: certcc
Published:
Updated: 2026-06-28T20:20:37.379Z
Reserved: 2024-08-22T19:50:07.296Z
Link: CVE-2024-8105
Updated: 2024-08-30T16:02:49.517Z
Status : Deferred
Published: 2024-08-26T20:15:08.380
Modified: 2026-06-17T08:21:52.903
Link: CVE-2024-8105
OpenCVE Enrichment
No data.