PT-2022-25278 · Acer · Acer Notebook

Martin Smolar · Published 2022-11-28 · Updated 2022-12-01 · CVE-2022-4020

CVSS v3.1: 8.1 High
Vector: AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Acer Notebook devices (affected versions not specified)

Description: The issue concerns a vulnerability in the HQSwSmiDxe DXE driver that may allow an attacker with elevated privileges to modify UEFI Secure Boot settings by changing an NVRAM variable. This could potentially be exploited to disable Secure Boot protection, allowing attackers to intercept the OS boot process, load unsigned bootloaders, and deploy malicious payloads with system privileges. The vulnerability can be exploited in low-complexity attacks without requiring user interaction.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability. However, Acer recommends updating the BIOS to the latest version. As an alternative, clients can manually install the update on vulnerable systems.

Weakness Enumeration: Incorrect Default Permissions

Related Identifiers: CVE-2022-4020

Affected Products: Acer Notebook