30 matches found
CVE-2023-39539
CVE-2023-39539 corresponds to a vulnerability in AMI AptioV BIOS where a user with local access can trigger an unrestricted upload of a PNG logo file (via the BMP Logo Handler) with a dangerous type. The underlying issue is described as a local elevation/impactful modification of boot-time/logo h...
CVE-2023-39538
CVE-2023-39538 concerns AMI AptioV BIOS where an attacker with local access can trigger an unrestricted upload of a BMP Logo file deemed dangerous, potentially affecting confidentiality, integrity, and availability. The vulnerability stems from BMP logo handling in AMI AptioV BIOS and has been di...
CVE-2024-42446
CVE-2024-42446 affects AMI AptioV BIOS with a TOCTOU race condition in BIOS code that can be triggered by a local attacker, potentially leading to arbitrary code execution. The description and connected sources consistently cite a local-exploit path and a high-impact outcomes (arbitrary code exec...
CVE-2022-26873
CVE-2022-26873 affects AMI Aptio 5.x PlatformInitAdvancedPreMem. The issue is described as a stack buffer overflow in PlatformInitAdvancedPreMem that can allow arbitrary code execution during the PEI phase, potentially enabling mitigation bypass, memory contents disclosure, VM secrets access, and...
CVE-2022-40262
CVE-2022-40262 concerns memory corruption in the S3Resume2Pei component that can allow arbitrary code execution during the PEI phase and affect subsequent boot stages. The affected element is injected into SMRAM, with potential to bypass mitigations, disclose physical memory, access secrets from ...
CVE-2022-40261
CVE-2022-40261 concerns the OverClockSmiHandler SMM driver. The provided documents describe a local-privilege-escalation flaw that allows an attacker to elevate to System Management Mode (ring -2), execute arbitrary code in SMM, and bypass SMM‑based SPI flash protections, enabling a malicious BIO...
CVE-2024-42442
CVE-2024-42442 concerns AMI AptioV BIOS vulnerability: a network-triggered flaw allows code execution outside the intended System Management Mode by compromising BIOS memory boundaries. The description notes a memory-buffer restriction breach enabling execution beyond SMRAM, with exploitation des...
CVE-2025-33043
CVE-2025-33043 is an SMM/AMI AptioV BIOS vulnerability involving improper input validation in BIOS code, enabling local attacker to redirect memory references into SMRAM and potentially execute code in the System Management Mode. The impact is elevation of privileges with the ability to modify fi...
CVE-2022-40250
CVE-2022-40250 affects AMI Aptio 5.x via a stack overflow in the SMI handler of SmmSmbiosElog. The vulnerability allows local privilege escalation to System Management Mode (SMM), enabling arbitrary code execution in a highly privileged context, bypassing SMM SPI flash protections and potentially...
CVE-2024-33658
AMI AptioV BIOS contains a local vulnerability (improper restriction of operations within the bounds of a memory buffer). The issue can be exploited locally to escalate privileges and potentially execute arbitrary code, impacting integrity. Connected sources identify AptioV BIOS as the affected c...
CVE-2023-34470
AMI AptioV BIOS contains an access-control vulnerability allowing an attacker on the local network to potentially compromise confidentiality, integrity, and availability. The root cause is an improper access-control policy in the BIOS. The CVE entry notes impact but does not provide concrete expl...
CVE-2024-2315
CVE-2024-2315 concerns AMI AptioV BIOS firmware with an issue labeled as an improper access control vulnerability in the BIOS that could allow a local attacker to modify SPI flash and trigger BIOS boot kit launches, potentially affecting availability and, to a lesser extent, integrity according t...
CVE-2024-33660
CVE-2024-33660 describes a vulnerability in AMI AptioV firmware whereby an attacker with physical access can manipulate SPI flash without detection, potentially enabling firmware tampering. Connected sources (CNNVD, CIRCL, CVELIST, VULNRICHMENT) corroborate AMI AptioV/SPI‑flash context; however, ...
CVE-2024-33656
CVE-2024-33656 affects the DXE module SmmComputrace. The vulnerability enables local attackers to leak stack or global memory, potentially causing privilege escalation, arbitrary code execution, and bypassing OS security mechanisms. Affects DXE SmmComputrace with local attack vector, low attack c...
CVE-2024-33657
CVE-2024-33657 describes a SMM vulnerability (SmmCallout in SmmComputrace Module) that could allow a local, privileged attacker to execute arbitrary code, manipulate stack memory, and leak data from SMRAM to kernel space, potentially causing a denial of service. Affected component is within SMM/C...
CVE-2024-54084
CVE-2024-54084: APTIOV BIOS vulnerability causes a TOCTOU race condition that an attacker can exploit locally to achieve arbitrary code execution. Documents indicate an impact to BIOS components with high confidentiality, integrity, and availability implications and a local attack vector with hig...
CVE-2024-33659
The CVE-2024-33659 entry concerns AMI AptioV BIOS with an Improper Input Validation flaw that allows a local attacker to overwrite memory and execute arbitrary code at the System Management Mode (SMM) level, impacting confidentiality, integrity, and availability. Documents consistently identify t...
CVE-2024-42444
CVE-2024-42444 affects AMI AptioV BIOS and is described as a TOCTOU race condition involving BIOS components (DMA/SMM) that may allow local attackers to execute arbitrary code on the target device. The available sources consistently report a BIOS-level vulnerability with a TOCTOU contention condi...
CVE-2023-34469
The CVE-2023-34469 entry refers to AMI AptioV BIOS with an improper access control issue over the physical network, leading to a potential loss of confidentiality. Documents consistently describe the vulnerability as BIOS-related, affecting BIOS/firmware behavior, but do not provide concrete expl...
CVE-2023-39535
CVE-2023-39535 concerns AMI AptioV BIOS with a vulnerability due to improper input validation that can be triggered over a local network. Affected: AMI AptioV BIOS firmware (BIOS-level component). Root cause: input validation weakness in the BIOS enabling a local network attacker to potentially c...
CVE-2023-39537
AMI AptioV BIOS contains a vulnerability where improper input validation over a local network can lead to loss of confidentiality, integrity, and availability. Affected: AMI AptioV BIOS firmware (TCG2 context). Root cause: improper input validation in BIOS as described in CVE-2023-39537. Impact: ...
CVE-2023-39536
AMI AptioV BIOS contains an improper input validation vulnerability that can be exploited over a local network, potentially impacting confidentiality, integrity, and availability. Affected software: AMI AptioV BIOS. Root cause: input validation issue in BIOS handling over LAN. Exploitation status...
CVE-2025-22830
The CVE-2025-22830 entry concerns AMI Aptiov BIOS whoseRace Condition occurs when a user with local access can trigger a vulnerability in the BIOS. The root cause is a local race condition that can lead to resource exhaustion, with impacts stated as Confidentiality, Integrity, and Availability be...
CVE-2025-58770
CVE-2025-58770 concerns the AMI AptioV BIOS, where a local attacker can trigger improper handling of insufficient permissions to escalate privileges. The vulnerability affects the BIOS/firmware layer of AptioV implementations and may impact integrity, availability, and potentially lead to elevate...
CVE-2025-22834
AMI AptioV BIOS contains a vulnerability described as an “Improper Initialization” caused by local access, potentially affecting confidentiality, integrity, and availability. Affected component is BIOS firmware (AMI AptioV); root cause is improper initialization. Exploitation details are not prov...
CVE-2025-33045
AMI AptioV BIOS contains BIOS-level vulnerabilities enabling a privileged local attacker to perform a write-what-where operation and expose sensitive information, potentially leading to information disclosure and arbitrary data writes with impact to confidentiality, integrity, and availability. S...
CVE-2025-22832
CVE-2025-22832 concerns a local, BIOS-level out-of-bounds write in AMI AptioV. The vulnerability affects AptioV BIOS (firmware) and is exploitable by a local attacker, with reported impacts including data corruption and loss of availability. The CVSS context indicates a local attack vector with l...
CVE-2025-22833
CVE-2025-22833 (AMI APTIOV BIOS) : A vulnerability in the BIOS of AMI APTIOV firmware allows a local attacker to trigger a buffer copy that does not validate input size, potentially enabling arbitrary code execution. Affected component: APTIOV BIOS/firmware. Impact (per sources): high confidentia...
CVE-2025-22831
CVE-2025-22831 affects AMI AptioV BIOS. The vulnerability is a local, in-BIOS Out-of-bounds Write that can be triggered by an attacker with local access, causing data corruption and loss of availability. Exploitation details are not provided in the supplied documents; no patch/version remediation...
CVE-2025-33044
The CVE-2025-33044 entry concerns AMI AptioV BIOS with a local, memory-bounds restriction flaw. The vulnerability allows an attacker with local access to trigger memory corruption, impacting Integrity and Availability . The root cause is described as an Improper Restriction of Operations within t...