- Acer announced that the company has released an update that addresses a high-severity UEFI Secure Boot vulnerability.
- A local attacker with high privileges can make changes to Secure Boot settings by creating NVRAM variables.
- Once the attacker has disabled Secure Boot, an unsigned bootloader can be loaded to disable or bypass protections.
Acer introduced a fix for a high-severity vulnerability that affects multiple laptop models. The vulnerability allows a local attacker to deactivate the UEFI Secure Boot feature, which prevents untrusted bootloaders from loading during startup on systems with a Trusted Platform Module chip and Unified Extensible Firmware Interface firmware.
According to Acer's advisory, the vulnerability, tracked as CVE-2022-4020, was reported by Martin Smolar from ESET. It affects the Acer Aspire A315-22, A115-21, A315-22G, Extensa EX215-21, and EX215-21G models. The advisory states that the vulnerability, found in the HQSwSmiDxe DXE driver, may allow changes to Secure Boot settings by creating NVRAM variables.
Once Secure Boot is disabled, the attacker can load an unsigned malicious bootloader to gain absolute control over the OS loading process. The attackers can then disable or bypass protections, allowing them to silently deploy payloads with system privileges.
Acer announced that a BIOS update that resolves this issue is currently available on the Acer Support website. The company urges users to update their BIOS to the latest version as soon as possible to resolve the issue. The update will also be delivered as a critical Windows update.
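As an added defender-side check (this is example code written for this page, not part of Acer's advisory or the article), the PowerShell below reports whether a machine is one of the affected models named above, what BIOS version it runs, and whether Secure Boot is currently enforced. It assumes an elevated prompt (the UEFI variable read needs it) and that Win32_ComputerSystem.Model carries the marketing model name, e.g. "Aspire A315-22"; the affected-model list is the one from the advisory.

```powershell
# Added example, not Acer's code. Assumes an elevated PowerShell session and that
# Win32_ComputerSystem.Model contains the marketing name (e.g. "Aspire A315-22").

# Models the advisory lists as affected by CVE-2022-4020.
$affectedModels = @('A315-22', 'A115-21', 'A315-22G', 'EX215-21', 'EX215-21G')

function Test-AcerAffectedModel {
    param([string]$Manufacturer, [string]$Model)
    if ($Manufacturer -notmatch 'Acer') { return $false }
    foreach ($m in $affectedModels) {
        # Whole-token match so "A315-22" does not also claim "A315-22G" (listed separately).
        if ($Model -match "(^|\s)$([regex]::Escape($m))(\s|$)") { return $true }
    }
    return $false
}

function Get-SecureBootState {
    # Returns 'Enabled', 'Disabled' or 'Unsupported' (legacy BIOS / no UEFI variables).
    try {
        if (Confirm-SecureBootUEFI) { return 'Enabled' } else { return 'Disabled' }
    } catch { return 'Unsupported' }
}

$cs   = Get-CimInstance Win32_ComputerSystem
$bios = Get-CimInstance Win32_BIOS

$report = [ordered]@{
    Manufacturer  = $cs.Manufacturer
    Model         = $cs.Model
    BiosVersion   = $bios.SMBIOSBIOSVersion
    BiosDate      = $bios.ReleaseDate
    AffectedModel = Test-AcerAffectedModel -Manufacturer $cs.Manufacturer -Model $cs.Model
    SecureBoot    = Get-SecureBootState
}

# SetupMode = 1 means the firmware is in Setup Mode, where the Secure Boot key
# variables are writable without authentication; a shipped system should report 0.
try {
    $setup = Get-SecureBootUEFI -Name SetupMode
    $report.SetupMode = [int]$setup.Bytes[0]
} catch { $report.SetupMode = 'n/a' }

[pscustomobject]$report | Format-List

if ($report.AffectedModel -and $report.SecureBoot -ne 'Enabled') {
    Write-Warning 'Affected model with Secure Boot not enforced: install the BIOS update from Acer Support, then re-enable Secure Boot in firmware setup.'
}
```

Compare the reported BiosVersion against the fixed version listed on the Acer Support page for the model; the script cannot know that value, so it only flags the model and the Secure Boot state.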