Stack Buffer Overflow Vulnerability in UEFI DXE Driver on Acer Products
CVE-2022-30426

7.8HIGH

Key Information:

Vendor

Acer

Status
Altos T110 F3 Firmware
Vendor
CVE Published:
23 September 2022

What is CVE-2022-30426?

A stack buffer overflow vulnerability exists in the UEFI DXE driver used by various Acer systems, allowing attackers to potentially escalate privileges from user mode to kernel mode. This flaw may enable malicious exploitation leading to arbitrary code execution during the UEFI DXE execution phase. Devices such as the Altos T110 and multiple Aspire and Veriton series products are affected, necessitating urgent firmware updates to mitigate associated risks.

References

http://acer.com
x_refsource_MISC
http://altos.com
x_refsource_MISC
https://github.com/10TG/vulnerabilities/blob/main/Acer/CV...
x_refsource_MISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2022-30426 : Stack Buffer Overflow Vulnerability in UEFI DXE Driver on Acer Products