Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-4020

Vulnerability in the HQSwSmiDxe DXE driver on some consumer Acer Notebook devices may allow an attacker with elevated privileges to modify UEFI Secure Boot settings by modifying an NVRAM variable.

Published

2022-11-28T13:15:10.180

Last Modified

2024-11-21T07:34:27.610

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.1 (HIGH)

Weaknesses

Type: Secondary
CWE-276
Type: Primary
CWE-276

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	acer	aspire_a315-22g_firmware	-	Yes
Hardware	acer	aspire_a315-22g	-	No
Operating System	acer	aspire_a115-21_firmware	-	Yes
Hardware	acer	aspire_a115-21	-	No
Operating System	acer	aspire_a315-22_firmware	-	Yes
Hardware	acer	aspire_a315-22	-	No
Operating System	acer	extensa_ex215-21_firmware	-	Yes
Hardware	acer	extensa_ex215-21	-	No
Operating System	acer	extensa_ex215-21g_firmware	-	Yes
Hardware	acer	extensa_ex215-21g	-	No

References

https://community.acer.com/en/kb/articles/15520-security-vulnerability-regarding-vulnerability-that-may-allow-changes-to-secure-boot-settings Vendor Advisory ([email protected])
https://community.acer.com/en/kb/articles/15520-security-vulnerability-regarding-vulnerability-that-may-allow-changes-to-secure-boot-settings Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)