AMI AptioV BIOS TOCTOU Race Condition Vulnerability Allowing Arbitrary Code Execution

Vulnerability

A TOCTOU (Time-of-Check to Time-of-Use) race condition vulnerability has been identified in the AMI AptioV BIOS. A local attacker can exploit the race condition, potentially leading to the execution of arbitrary code on the affected device. The issue arises in products using the Computrace module.

Impact

Exploitation of this vulnerability could result in unauthorized execution of arbitrary code on the target device.

Remediation

Users can upgrade to AMI BIOS version BKC_5.38 to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 7.8
impact: 7.5
exploitability: 2.6
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.