Race Condition Vulnerability in APTIOV BIOS by AMI
CVE-2024-42446

7.5 HIGH

Key Information:

Vendor: AMI

Status
Vendor
CVE Published: 13 May 2025

What is CVE-2024-42446?

The APTIOV BIOS from AMI contains a race condition vulnerability. An attacker could exploit this flaw by manipulating the timing of operations, which may lead to unauthorized arbitrary code execution. The vulnerability is a Time-of-Check to Time-of-Use (TOCTOU) issue: a check is performed at one moment, but the state it validated may change before the operation that relies on it is executed. Users and administrators should assess their systems and apply the necessary updates to mitigate this risk.

Affected Version(s)

AptioV BKS_5.0

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: High
Privileges Required: High
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
