CVE-2022-40080

Name of the Vulnerable Software and Affected Versions Acer Aspire E5-475G (affected versions not specified)

Description The issue concerns a stack overflow vulnerability in the BIOS firmware of the affected device. Specifically, it is located in the FpGui module. A local attacker can exploit this by making a second call to GetVariable services, allowing them to execute arbitrary code in the UEFI DXE phase and gain escalated privileges.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.