Cyber Resilience

CVE-2024-42444

High

Published: 14 January 2025

Published
14 January 2025
Modified
02 October 2025
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
EPSS Score 0.0015 35.6th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-42444 is a high-severity Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367) vulnerability in Ami Aptio V. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique System Firmware (T1542.001); ranked at the 35.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-34 (Non-modifiable Executable Programs) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-42444 is a Time-of-Check Time-of-Use (TOCTOU) race condition vulnerability, classified as CWE-367, affecting the APTIOV BIOS firmware. Published on January 14, 2025, it carries a CVSS v3.1 base score of 7.5 (High), with vector AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H, indicating local access vector, high attack complexity, low privileges required, user interaction needed, changed scope, and high impacts across confidentiality, integrity, and availability.

A local attacker with low privileges can exploit this vulnerability through local means by inducing the TOCTOU race condition, though it demands high complexity and user interaction. Successful exploitation enables execution of arbitrary code on the target device.

American Megatrends has published security advisory AMI-SA-2025001, which details the vulnerability and associated mitigations, available at https://go.ami.com/hubfs/Security%20Advisories/2025/AMI-SA-2025001.pdf.

EU & UK References

Vulnerability details

APTIOV contains a vulnerability in BIOS where an attacker may cause a TOCTOU Race Condition by local means. Successful exploitation of this vulnerability may lead to execution of arbitrary code on the target device.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1542.001 System Firmware Stealth
Adversaries may modify system firmware to persist on systems.
T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

TOCTOU race condition in BIOS firmware directly enables arbitrary code execution at the pre-OS/firmware level (T1542.001) and supports local privilege escalation from low-priv context (T1068).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-54084Same product: Ami Aptio V
CVE-2024-33659Same product: Ami Aptio V
CVE-2024-53028Shared CWE-367
CVE-2026-41651Shared CWE-367
CVE-2026-41702Shared CWE-367
CVE-2026-27750Shared CWE-367
CVE-2026-21240Shared CWE-367
CVE-2026-45208Shared CWE-367
CVE-2024-45560Shared CWE-367
CVE-2023-20548Shared CWE-367

Affected Assets

ami
aptio v
5.0 — 5.038

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly remediates the TOCTOU race condition vulnerability in APTIOV BIOS firmware by applying vendor-provided updates from AMI-SA-2025001.

preventdetect

Monitors and verifies the integrity of BIOS firmware using cryptographic mechanisms to prevent unauthorized modifications or execution exploiting the race condition.

prevent

Enforces execution of only non-modifiable BIOS firmware programs, blocking arbitrary code execution resulting from the TOCTOU vulnerability.

References