Primary

Context

AMI AptioV BIOS TOCTOU Race Condition Vulnerability Leading to Arbitrary Code Execution

Vulnerability

Patched

A race condition vulnerability has been identified in the AMI AptioV BIOS, where an attacker can locally exploit a Time-of-check Time-of-use (TOCTOU) condition. This vulnerability could be leveraged to execute arbitrary code.

Impact

Exploitation of this vulnerability could result in unauthorized arbitrary code execution within the BIOS environment.

Remediation

Users can upgrade to AMI AptioV version BKC_5.38 to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

7.5

exploitability

2.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

7.5

exploitability

2.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

AMI AptioV BIOS TOCTOU Race Condition Vulnerability Leading to Arbitrary Code Execution

Vulnerability

Impact

Remediation

Affected Products

AMI AptioV

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating