CVE-2022-4020

Summary

Vulnerability in the HQSwSmiDxe DXE driver on some consumer Acer Notebook devices may allow an attacker with elevated privileges to modify UEFI Secure Boot settings by modifying an NVRAM variable.

Affected Software

VendorProductVersion RangeStatus
AcerAspire A315-221.04 < 1.11affected
AcerAspire A115-211.04 < 1.11affected
AcerAspire A315-22G1.04 < 1.11affected
AcerExtensa EX215-211.04 < 1.11affected
AcerExtensa EX215-21G1.04 < 1.11affected

Weaknesses

  • CWE-276: CWE-276 Incorrect Default Permissions

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References