CVE-2024-2315 MEDIUM

CVE-2024-2315: SMM arbitrary code execution in Overclock

Vendor Ami
Product AptioV
Weakness CWE-284
Published November 12, 2024
Last update November 21, 2024

CVSS base score

6.8/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:L/SI:L/SA:L

What the vulnerability does

01Description

APTIOV contains a vulnerability in BIOS where may cause Improper Access Control by a local attacker. Successful exploitation of this vulnerability may lead to unexpected SPI flash modifications and BIOS boot kit launches, also impacting the availability.

Key dates

02Disclosure timeline

November 12, 2024 CVE published
November 21, 2024 Record updated