CVE-2024-42446 HIGH

CVE-2024-42446: TOCTOU in SmmWhea

Vendor Ami
Product AptioV
Weakness CWE-367
Published May 13, 2025
Last update May 13, 2025

CVSS base score

7.5/10
Attack vector Local
Attack complexity High
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

APTIOV contains a vulnerability in BIOS where an attacker may cause a Time-of-check Time-of-use (TOCTOU) Race Condition by local means. Successful exploitation of this vulnerability may lead to arbitrary code execution.

Key dates

02Disclosure timeline

May 13, 2025 CVE published
May 13, 2025 Record updated