CVE-2024-33659 MEDIUM

CVE-2024-33659: BiosGuard Buffer Overflow and TOCTOU Vulnerability

Vendor AMI
Product AptioV
Weakness CWE-20 · Input validation
Published February 11, 2025
Last update February 11, 2025

CVSS base score

5.7/10
Attack vector Local
Attack complexity High
Privileges required High
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:L/VI:H/VA:H/SC:L/SI:L/SA:L

What the vulnerability does

01 Description

AMI AptioV contains a vulnerability in BIOS where a local attacker may cause improper input validation. Successful exploitation of these vulnerabilities may lead to overwriting arbitrary memory and executing arbitrary code at SMM level, also impacting confidentiality, integrity, and availability.

Key dates

02 Disclosure timeline

February 11, 2025 CVE published
February 11, 2025 Record updated