CVE-2024-54084 HIGH

CVE-2024-54084: SMM Arbitrary Write via TOCTOU Vulnerability

Vendor Ami
Product AptioV
Weakness CWE-367
Published March 11, 2025
Last update March 11, 2025

CVSS base score

7.5/10
Attack vector Local
Attack complexity High
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

APTIOV contains a vulnerability in BIOS where an attacker may cause a Time-of-check Time-of-use (TOCTOU) Race Condition by local means. Successful exploitation of this vulnerability may lead to arbitrary code execution.

Key dates

02Disclosure timeline

March 11, 2025 CVE published
March 11, 2025 Record updated