Cyber Posture

CVE-2024-42444

Severity: High

Published: 14 January 2025
Modified: 02 October 2025
KEV Added:
Patch:
CVSS Score: 7.5 (CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H)
EPSS Score: 0.0011 (29.2nd percentile)
Risk Priority: 15 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Description

APTIOV contains a vulnerability in BIOS where an attacker may cause a TOCTOU Race Condition by local means. Successful exploitation of this vulnerability may lead to execution of arbitrary code on the target device.

Security Summary

CVE-2024-42444 is a Time-of-Check Time-of-Use (TOCTOU) race condition vulnerability, classified as CWE-367, affecting the APTIOV BIOS firmware. Published on January 14, 2025, it carries a CVSS v3.1 base score of 7.5 (High), with vector AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H, indicating local access vector, high attack complexity, low privileges required, user interaction needed, changed scope, and high impacts across confidentiality, integrity, and availability.

A local attacker with low privileges can exploit the vulnerability by inducing the TOCTOU race condition, though doing so requires high attack complexity and user interaction. Successful exploitation enables execution of arbitrary code on the target device.

American Megatrends has published security advisory AMI-SA-2025001, which details the vulnerability and associated mitigations, available at https://go.ami.com/hubfs/Security%20Advisories/2025/AMI-SA-2025001.pdf.

Details

CWE(s)
CWE-367

Affected Products

Vendor: ami
Product: aptio v
Versions: 5.0 through 5.038

References