The flaw (CVE-2024-0762 with a reported CVSS of 7.5) was discovered in the Phoenix SecureCore UEFI firmware by cybersecurity firm Eclypsium, who identified it on Lenovo ThinkPad X1 Carbon 7th Gen and X1 Yoga 4th Gen devices. Further investigation revealed that the vulnerability affects SecureCore firmware for a wide range…