CVE-2024-42442
Runtime Service Access outside SMRAM
In short
A vulnerability in APTIO BIOS allows attackers to write data outside the intended memory buffer, potentially executing code in System Management Mode (a privileged area that controls the computer at a very low level). This could give attackers full control over the system.
Technical detail
CWE-119 buffer overflow in APTIO BIOS permits out-of-bounds memory write via network-accessible vectors, enabling arbitrary code execution in SMM context. Per the CVSS vector below, the attack vector is network (AV:N) and high privileges are required (PR:H). The vulnerability may bypass isolation controls that separate privileged firmware execution from user-mode operations.
Summary generated and translated by AI from the official description.
APTIOV contains a vulnerability in the BIOS where a user or attacker may cause an improper restriction of operations within the bounds of a memory buffer over the network. A successful exploitation of this vulnerability may lead to code execution outside of the intended System Management Mode.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected products
AMI · AptioV