CVE-2024-54084

High

Published: 11 March 2025

Published

11 March 2025

Modified

02 October 2025

KEV Added

—

Patch

—

CVSS Score 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

EPSS Score 0.0003 8.7th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-54084 is a high-severity Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367) vulnerability in Ami Aptio V. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique System Firmware (T1542.001); ranked at the 8.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-7 (Software, Firmware, and Information Integrity).

Threat & Defense at a Glance

What attackers do: exploitation maps to System Firmware (T1542.001) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Directly remediates the TOCTOU race condition in APTIOV BIOS firmware by requiring timely identification, reporting, and application of vendor patches from the AMI security advisory.

SI-7 Software, Firmware, and Information Integrity good match

preventdetect

Verifies and monitors the integrity of BIOS firmware using cryptographic mechanisms to prevent or detect unauthorized modifications exploiting the race condition for arbitrary code execution.

CM-14 Signed Components partial match

prevent

Enforces digitally signed BIOS components to ensure authenticity and integrity during firmware updates, mitigating risks of tampered firmware exacerbating the TOCTOU vulnerability.

MITRE ATT&CK Enterprise TechniquesAI

T1542.001 System Firmware Stealth

Adversaries may modify system firmware to persist on systems.

attack.mitre.org →

T1542.003 Bootkit Stealth

Adversaries may use bootkits to persist on systems.

attack.mitre.org →

Why these techniques?

The TOCTOU race condition in BIOS firmware (APTIOV) enables arbitrary code execution at the firmware level, directly facilitating system firmware modification (T1542.001) or bootkit implantation (T1542.003) for persistent access and OS evasion.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

NVD Description

APTIOV contains a vulnerability in BIOS where an attacker may cause a Time-of-check Time-of-use (TOCTOU) Race Condition by local means. Successful exploitation of this vulnerability may lead to arbitrary code execution.

Deeper analysisAI

CVE-2024-54084 is a Time-of-check Time-of-use (TOCTOU) race condition vulnerability in APTIOV, a BIOS firmware component developed by American Megatrends (AMI). The flaw allows an attacker to exploit a timing discrepancy during local operations within the BIOS environment, potentially leading to arbitrary code execution. It is classified under CWE-367 and carries a CVSS v3.1 base score of 7.5 (AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H), indicating high severity due to its potential for complete system compromise despite requiring privileged local access.

Exploitation requires a local attacker with high privileges (PR:H) on the target system, combined with high attack complexity (AC:H) to successfully trigger the race condition. No user interaction is needed (UI:N), and the vulnerability's scoped impact (S:C) enables attackers to achieve high confidentiality, integrity, and availability effects, including arbitrary code execution at the BIOS level. This could allow persistent malware implantation or firmware manipulation, evading higher-level operating system security controls.

For mitigation details, refer to the official AMI security advisory (AMI-SA-2025003) at https://go.ami.com/hubfs/Security%20Advisories/2025/AMI-SA-2025003.pdf, published alongside the CVE disclosure on 2025-03-11.