PT-2022-7298 · Acer · Acer Aspire X1935 +18

Cft789 +3 · Published 2022-09-22 · Updated 2022-09-26 · CVE-2022-30426

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Acer Altos T110 F3 firmware version <= P13
Acer AP130 F2 firmware version <= P04
Acer Aspire 1600X firmware version <= P11.A3L
Acer Aspire 1602M firmware version <= P11.A3L
Acer Aspire 7600U firmware version <= P11.A4
Acer Aspire MC605 firmware version <= P11.A4L
Acer Aspire TC-105 firmware version <= P12.B0L
Acer Aspire TC-120 firmware version <= P11-A4
Acer Aspire U5-620 firmware version <= P11.A1
Acer Aspire X1935 firmware version <= P11.A3L
Acer Aspire X3475 firmware version <= P11.A3L
Acer Aspire X3995 firmware version <= P11.A3L
Acer Aspire XC100 firmware version <= P11.B3
Acer Aspire XC600 firmware version <= P11.A4
Acer Aspire Z3-615 firmware version <= P11.A2L
Acer Veriton E430G firmware version <= P21.A1
Acer Veriton B630 49 firmware version <= AAP02SR
Acer Veriton E430 firmware version <= P11.A4
Acer Veriton M2110G firmware version <= P21.A3
Acer Veriton M2120G firmware version <= (no version specified)

Description

The issue is related to a stack buffer overflow vulnerability in the UEFI DXE driver on some Acer products. This vulnerability could lead to arbitrary code execution, allowing an attacker to escalate privilege from ring 3 to ring 0 and hijack control flow during UEFI DXE execution.

Recommendations

For Acer Altos T110 F3 firmware version <= P13, update to a version higher than P13.
For Acer AP130 F2 firmware version <= P04, update to a version higher than P04.
For Acer Aspire 1600X firmware version <= P11.A3L, update to a version higher than P11.A3L.
For Acer Aspire 1602M firmware version <= P11.A3L, update to a version higher than P11.A3L.
For Acer Aspire 7600U firmware version <= P11.A4, update to a version higher than P11.A4.
For Acer Aspire MC605 firmware version <= P11.A4L, update to a version higher than P11.A4L.
For Acer Aspire TC-105 firmware version <= P12.B0L, update to a version higher than P12.B0L.
For Acer Aspire TC-120 firmware version <= P11-A4, update to a version higher than P11-A4.
For Acer Aspire U5-620 firmware version <= P11.A1, update to a version higher than P11.A1.
For Acer Aspire X1935 firmware version <= P11.A3L, update to a version higher than P11.A3L.
For Acer Aspire X3475 firmware version <= P11.A3L, update to a version higher than P11.A3L.
For Acer Aspire X3995 firmware version <= P11.A3L, update to a version higher than P11.A3L.
For Acer Aspire XC100 firmware version <= P11.B3, update to a version higher than P11.B3.
For Acer Aspire XC600 firmware version <= P11.A4, update to a version higher than P11.A4.
For Acer Aspire Z3-615 firmware version <= P11.A2L, update to a version higher than P11.A2L.
For Acer Veriton E430G firmware version <= P21.A1, update to a version higher than P21.A1.
For Acer Veriton B630 49 firmware version <= AAP02SR, update to a version higher than AAP02SR.
For Acer Veriton E430 firmware version <= P11.A4, update to a version higher than P11.A4.
For Acer Veriton M2110G firmware version <= P21.A3, update to a version higher than P21.A3.
For Acer Veriton M2120G, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Corruption

Weakness Enumeration

Related Identifiers

BDU:2024-02529
CVE-2022-30426

Affected Products

Acer AP130 F2
Acer Altos T110 F3
Acer Aspire 1600X
Acer Aspire 1602M
Acer Aspire 7600U
Acer Aspire MC605
Acer Aspire TC-105
Acer Aspire TC-120
Acer Aspire U5-620
Acer Aspire X1935
Acer Aspire X3475
Acer Aspire X3995
Acer Aspire XC100
Acer Aspire XC600
Acer Aspire Z3-615
Acer Veriton B630 49
Acer Veriton E430
Acer Veriton M2110G
Acer Veriton M2120G