CVE-2024-42444 — Time-of-check Time-of-use (TOCTOU) Race Condition in Aptiov

CWE-367 — Time-of-check Time-of-use (TOCTOU) Race Condition3 documents3 sources

Severity

7.8HIGHNVD

CNA7.5

EPSS

0.1%

top 70.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

AMI Aptio V AMI Aptiov

Timeline

PublishedJan 14

Description

APTIOV contains a vulnerability in BIOS where an attacker may cause a TOCTOU Race Condition by local means. Successful exploitation of this vulnerability may lead to execution of arbitrary code on the target device.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 1.1 | Impact: 6.0

Affected Packages2 packages

▶NVDami/aptio_v5.0 — 5.038

▶CVEListV5ami/aptiovBKS_5.0 — BKS_5.38

🔴Vulnerability Details

GHSA

GHSA-45gf-27xm-h64q: APTIOV contains a vulnerability in BIOS where an attacker may cause a TOCTOU Race Condition by local means↗2025-01-14

▶

CVEList

TOCTOU Race Condition between DMA and SMM↗2025-01-14

▶