Researchers have identified a vulnerability that may allow changes to Secure Boot settings by creating NVRAM variables (actual value of the variable is not important, only the existence is checked by the affected firmware drivers).
Reference number: CVE-2022-4020
Affected Models: Acer Aspire A315-22, A115-21, A315-22G, Extensa EX215-21 and EX215-21G
By disabling the Secure Boot feature, an attacker can load their own unsigned malicious bootloader to allow absolute control over the OS loading process. This can allow them to disable or bypass protections to silently deploy their own payloads with the system privileges.
Acer recommends updating your BIOS to version 1.11 or newer to resolve this issue. You can download the latest BIOS from the Acer Support Site.
Martin Smolar from ESET
THE ABOVE INFORMATION IS PROVIDED "AS IS" IN CONNECTION WITH ACER AND INTEL® PRODUCTS. YOUR USE OF THE INFORMATION OR MATERIALS LINKED FROM THIS PAGE IS AT YOUR OWN RISK. ACER RESERVES THE RIGHT TO CHANGE OR UPDATE THIS PAGE AT ANY TIME.