CVE-2024-42444 HIGH

CVE-2024-42444: TOCTOU Race Condition between DMA and SMM

Vendor Ami
Product AptioV
Weakness CWE-367
Published January 14, 2025
Last update January 14, 2025

CVSS base score

7.5/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

APTIOV contains a vulnerability in BIOS where an attacker may cause a TOCTOU Race Condition by local means. Successful exploitation of this vulnerability may lead to execution of arbitrary code on the target device.

Key dates

02Disclosure timeline

January 14, 2025 CVE published
January 14, 2025 Record updated