CVE-2024-54084 - Vulnerability Details - OpenCVE

ReportizFlow

APTIOV contains a vulnerability in BIOS where an attacker may cause a Time-of-check Time-of-use (TOCTOU) Race Condition by local means. Successful exploitation of this vulnerability may lead to arbitrary code execution.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Ami	Aptio V

Configuration 1 [-]

cpe:2.3:o:ami:aptio_v:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://go.ami.com/hubfs/Security%20Advisories/2025/AMI-SA-2025003.pdf

History

Thu, 02 Oct 2025 14:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Ami Ami aptio V
CPEs		cpe:2.3:o:ami:aptio_v::::::::
Vendors & Products		Ami Ami aptio V

Fri, 11 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00015}`	epss `{'score': 0.0002}`

Tue, 11 Mar 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 11 Mar 2025 14:15:00 +0000

Type	Values Removed	Values Added
Description		APTIOV contains a vulnerability in BIOS where an attacker may cause a Time-of-check Time-of-use (TOCTOU) Race Condition by local means. Successful exploitation of this vulnerability may lead to arbitrary code execution.
Title		SMM Arbitrary Write via TOCTOU Vulnerability
Weaknesses		CWE-367
References		https://go.ami.com/hubfs/Security%20Advisories/2025/AMI-SA-2025003.pdf
Metrics		cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: AMI

Published: 2025-03-11T14:01:24.030Z

Updated: 2025-03-11T14:45:58.764Z

Reserved: 2024-11-28T05:10:52.351Z

Link: CVE-2024-54084

Vulnrichment

Updated: 2025-03-11T14:45:52.913Z

NVD

Status : Analyzed

Published: 2025-03-11T14:15:22.730

Modified: 2025-10-02T14:21:08.137

Link: CVE-2024-54084

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-54084", "assignerOrgId": "7e9044f1-7f56-4c38-8864-c0c7302263d6", "state": "PUBLISHED", "assignerShortName": "AMI", "dateReserved": "2024-11-28T05:10:52.351Z", "datePublished": "2025-03-11T14:01:24.030Z", "dateUpdated": "2025-03-11T14:45:58.764Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "AptioV", "vendor": "AMI", "versions": [{"lessThanOrEqual": "BKS_5.38", "status": "affected", "version": "BKS_5.0", "versionType": "Custom"}]}], "datePublic": "2025-03-11T14:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "APTIOV contains a vulnerability in BIOS where an attacker may cause a Time-of-check Time-of-use (TOCTOU) Race Condition by local means. Successful exploitation of this vulnerability may lead to arbitrary code execution."}], "value": "APTIOV contains a vulnerability in BIOS where an attacker may cause a Time-of-check Time-of-use (TOCTOU) Race Condition by local means. Successful exploitation of this vulnerability may lead to arbitrary code execution."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-367", "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7e9044f1-7f56-4c38-8864-c0c7302263d6", "shortName": "AMI", "dateUpdated": "2025-03-11T14:01:24.030Z"}, "references": [{"url": "https://go.ami.com/hubfs/Security%20Advisories/2025/AMI-SA-2025003.pdf"}], "source": {"discovery": "UNKNOWN"}, "title": "SMM Arbitrary Write via TOCTOU Vulnerability", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-11T14:45:48.097813Z", "id": "CVE-2024-54084", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-11T14:45:58.764Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-54084", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-03-11T14:45:48.097813Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-11T14:45:52.913Z"}}], "cna": {"title": "SMM Arbitrary Write via TOCTOU Vulnerability", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "AMI", "product": "AptioV", "versions": [{"status": "affected", "version": "BKS_5.0", "versionType": "Custom", "lessThanOrEqual": "BKS_5.38"}], "defaultStatus": "unaffected"}], "datePublic": "2025-03-11T14:00:00.000Z", "references": [{"url": "https://go.ami.com/hubfs/Security%20Advisories/2025/AMI-SA-2025003.pdf"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "APTIOV contains a vulnerability in BIOS where an attacker may cause a Time-of-check Time-of-use (TOCTOU) Race Condition by local means. Successful exploitation of this vulnerability may lead to arbitrary code execution.", "supportingMedia": [{"type": "text/html", "value": "APTIOV contains a vulnerability in BIOS where an attacker may cause a Time-of-check Time-of-use (TOCTOU) Race Condition by local means. Successful exploitation of this vulnerability may lead to arbitrary code execution.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-367", "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition"}]}], "providerMetadata": {"orgId": "7e9044f1-7f56-4c38-8864-c0c7302263d6", "shortName": "AMI", "dateUpdated": "2025-03-11T14:01:24.030Z"}}}, "cveMetadata": {"cveId": "CVE-2024-54084", "state": "PUBLISHED", "dateUpdated": "2025-03-11T14:45:58.764Z", "dateReserved": "2024-11-28T05:10:52.351Z", "assignerOrgId": "7e9044f1-7f56-4c38-8864-c0c7302263d6", "datePublished": "2025-03-11T14:01:24.030Z", "assignerShortName": "AMI"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ami:aptio_v:*:*:*:*:*:*:*:*", "matchCriteriaId": "66B5321D-288B-4FB3-95CD-F185660D96CF", "versionEndExcluding": "5.038", "versionStartIncluding": "5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "APTIOV contains a vulnerability in BIOS where an attacker may cause a Time-of-check Time-of-use (TOCTOU) Race Condition by local means. Successful exploitation of this vulnerability may lead to arbitrary code execution."}, {"lang": "es", "value": "APTIOV contiene una vulnerabilidad en la BIOS que permite a un atacante provocar una condici\u00f3n de ejecuci\u00f3n de tiempo de verificaci\u00f3n y tiempo de uso (TOCTOU) localmente. La explotaci\u00f3n exitosa de esta vulnerabilidad puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario."}], "id": "CVE-2024-54084", "lastModified": "2025-10-02T14:21:08.137", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 6.0, "source": "[email protected]", "type": "Secondary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "[email protected]", "type": "Primary"}]}, "published": "2025-03-11T14:15:22.730", "references": [{"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "https://go.ami.com/hubfs/Security%20Advisories/2025/AMI-SA-2025003.pdf"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-367"}], "source": "[email protected]", "type": "Secondary"}]}