CVE-2024-54084
Published: 11 March 2025
Description
Adversaries may use bootkits to persist on systems.
Security Summary
CVE-2024-54084 is a Time-of-check Time-of-use (TOCTOU) race condition vulnerability in APTIOV, a BIOS firmware component developed by American Megatrends (AMI). The flaw allows an attacker to exploit a timing discrepancy during local operations within the BIOS environment, potentially leading to arbitrary code execution. It is classified under CWE-367 and carries a CVSS v3.1 base score of 7.5 (AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H), indicating high severity due to its potential for complete system compromise despite requiring privileged local access.
Exploitation requires a local attacker with high privileges (PR:H) on the target system, combined with high attack complexity (AC:H) to successfully trigger the race condition. No user interaction is needed (UI:N), and the vulnerability's scoped impact (S:C) enables attackers to achieve high confidentiality, integrity, and availability effects, including arbitrary code execution at the BIOS level. This could allow persistent malware implantation or firmware manipulation, evading higher-level operating system security controls.
For mitigation details, refer to the official AMI security advisory (AMI-SA-2025003) at https://go.ami.com/hubfs/Security%20Advisories/2025/AMI-SA-2025003.pdf, published alongside the CVE disclosure on 2025-03-11.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The TOCTOU race condition in BIOS firmware (APTIOV) enables arbitrary code execution at the firmware level, directly facilitating system firmware modification (T1542.001) or bootkit implantation (T1542.003) for persistent access and OS evasion.