VULNERABILITY DETAILS
Researchers have identified a vulnerability that may allow changes to Secure Boot settings by creating NVRAM variables. The actual value of the variable is not important; the affected firmware drivers check only whether it exists.
Reference number: CVE-2022-4020
Affected Models: Acer Aspire A315-22, A115-21, A315-22G, Extensa EX215-21 and EX215-21G
Impact
By disabling the Secure Boot feature, an attacker can load their own unsigned malicious bootloader and gain absolute control over the OS loading process. This can allow them to disable or bypass protections and silently deploy their own payloads with system privileges.
Resolution
Acer recommends updating your BIOS to version 1.11 or newer to resolve this issue. You can download the latest BIOS from the Acer Support Site.
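A fleet check for the affected models and fixed BIOS version listed in this advisory, written for Linux hosts as an added example (not Acer's or ESET's code). It assumes the DMI product name contains the model number as written above and that the BIOS version string looks like `V1.08`; adjust both to what your inventory actually reports.

```python
import re
from pathlib import Path

# Model numbers and the fixed BIOS version are taken from the advisory.
AFFECTED_MODELS = {"A315-22", "A115-21", "A315-22G", "EX215-21", "EX215-21G"}
FIXED_BIOS = (1, 11)
# Standard Linux sysfs locations; the GUID is the UEFI global-variable GUID.
DMI = Path("/sys/class/dmi/id")
SECURE_BOOT_VAR = Path("/sys/firmware/efi/efivars/"
                       "SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c")

def parse_bios_version(text):
    """Return (major, minor) from strings such as 'V1.08' (assumed format), else None."""
    m = re.search(r"(\d+)\.(\d+)", text)
    return (int(m.group(1)), int(m.group(2))) if m else None

def secure_boot_enabled(raw):
    """efivarfs prepends 4 attribute bytes; the fifth byte is the SecureBoot value."""
    if raw is None or len(raw) < 5:
        return None  # variable missing or unreadable (e.g. legacy boot)
    return raw[4] == 1

def assess(product_name, bios_version, secure_boot_raw):
    """Classify one host; returns (status, secure_boot_state)."""
    sb = secure_boot_enabled(secure_boot_raw)
    # Assumption: the model number appears as its own token in the product name.
    if not AFFECTED_MODELS & set(product_name.upper().split()):
        return "model-not-listed", sb
    version = parse_bios_version(bios_version)
    if version is None:
        return "bios-version-unparsed", sb
    if version >= FIXED_BIOS:
        return "patched", sb
    # Unpatched firmware with Secure Boot off deserves a closer look.
    return ("needs-update-review-boot-chain" if sb is False else "needs-update"), sb

def read_local():
    """Gather the three inputs from sysfs on the machine being checked."""
    raw = SECURE_BOOT_VAR.read_bytes() if SECURE_BOOT_VAR.exists() else None
    return ((DMI / "product_name").read_text().strip(),
            (DMI / "bios_version").read_text().strip(), raw)

if __name__ == "__main__":
    # Constructed sample: listed model on BIOS 1.08 with Secure Boot disabled.
    print(assess("Aspire A315-22", "V1.08", b"\x06\x00\x00\x00\x00"))
    if (DMI / "bios_version").exists():
        print(assess(*read_local()))
```

A host reported as `needs-update-review-boot-chain` may simply have had Secure Boot turned off by its owner, so treat the status as a prompt to check the boot configuration after updating, not as proof of tampering.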
Credit
Martin Smolar from ESET
Disclaimer
THE ABOVE INFORMATION IS PROVIDED "AS IS" IN CONNECTION WITH ACER AND INTEL® PRODUCTS. YOUR USE OF THE INFORMATION OR MATERIALS LINKED FROM THIS PAGE IS AT YOUR OWN RISK. ACER RESERVES THE RIGHT TO CHANGE OR UPDATE THIS PAGE AT ANY TIME.