CVE-2024-42442 HIGH

CVE-2024-42442: Runtime Service Access outside SMRAM

Vendor AMI
Product AptioV
Weakness CWE-119
Published November 12, 2024
Last update November 12, 2024

CVSS base score

7.2/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

APTIOV contains a vulnerability in the BIOS where a user or attacker may cause an improper restriction of operations within the bounds of a memory buffer over the network. A successful exploitation of this vulnerability may lead to code execution outside of the intended System Management Mode.

Key dates

02 Disclosure timeline

November 12, 2024 CVE published
November 12, 2024 Record updated