Wednesday, November 30, 2022

Acer Laptop Vulnerability Permits Malware Infection During Secure Boot

Cybersecurity firm ESET’s researchers have identified a vulnerability affecting Acer laptops. The bug isn’t new, as ESET already found it affecting Lenovo models; this time, it’s impacting a number of Acer laptop models.

Lenovo fixed the issue and published a technical advisory. Nonetheless, the bug allows attackers to install malware on the system by letting them disable Secure Boot and bypass security mechanisms.

Vulnerability Details

ESET assigned the vulnerability a CVSS score of 8.1 and tracked it as CVE-2022-4020. It was found in the HQSwSmiDxe DXE driver, which checks the ‘BootOrderSecureBootDisable’ NVRAM variable for deactivating UEFI (Unified Extensible Firmware Interface) Secure Boot.

Disabling this feature lets the attacker load their “own unsigned malicious bootloader” so as to gain full control over the OS loading process. Moreover, they can bypass or disable protections to discreetly install malicious payloads, the ESET advisory read.

“Vulnerability in the HQSwSmiDxe DXE driver on some consumer Acer Notebook devices may allow an attacker with elevated privileges to modify UEFI Secure Boot settings by modifying an NVRAM variable,” researchers explained. NVRAM refers to non-volatile random-access memory.

Acer’s Explanation

For your information, UEFI is responsible for kickstarting a computer’s hardware while the OS loads. The Secure Boot process has to ensure that malicious code doesn’t get loaded when the system is booting.

On November 23rd, 2022, Acer explained that the bug lets the attacker tamper with this mechanism’s settings by creating NVRAM variables. This happens because the firmware driver simply checks for the variables’ presence and not their actual value.

At least five models of Acer computers are impacted by this bug, including A315-22, A115-21, A315-22G, Extensa EX215-21, and EX215-21G. Acer is currently trying to resolve the issue with a BIOS update, which will be posted on its Support site soon and will be included as a Critical Windows Update. The company recommends users update to the latest BIOS version.
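Because the driver reacts to the variable’s presence rather than its value, a defensive audit on Linux can simply look for any ‘BootOrderSecureBootDisable’ entry in efivarfs and compare it with the reported Secure Boot state. This is an added example, not code from ESET or Acer; the efivarfs path and name-prefix matching are assumptions (the article does not give the variable’s vendor GUID), and the sample directory is constructed.

```python
import os
import tempfile

# Name from the article; its vendor GUID is not given there, so match on name only.
SUSPECT_NAME = "BootOrderSecureBootDisable"
# Standard UEFI variable (EFI global variable GUID) reporting Secure Boot state.
SECURE_BOOT_FILE = "SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"
EFIVARS_DIR = "/sys/firmware/efi/efivars"  # Linux efivarfs mount point


def read_efivar(path):
    """Return (attributes, data); efivarfs prefixes data with a 4-byte attribute mask."""
    with open(path, "rb") as fh:
        raw = fh.read()
    return int.from_bytes(raw[:4], "little"), raw[4:]


def audit(efivars_dir=EFIVARS_DIR):
    """Report presence of the suspect variable and the Secure Boot state."""
    names = sorted(os.listdir(efivars_dir))
    # Presence is the finding: per the article the driver never looks at the
    # value, so a zero or empty payload still counts as a hit.
    hits = [n for n in names if n.startswith(SUSPECT_NAME + "-")]
    result = {"suspect_present": bool(hits), "suspect_files": hits, "secure_boot": None}
    sb_path = os.path.join(efivars_dir, SECURE_BOOT_FILE)
    if os.path.exists(sb_path):
        _, data = read_efivar(sb_path)
        result["secure_boot"] = bool(data and data[0] == 1)
    return result


def make_sample(dirpath, with_suspect):
    """Build a constructed efivarfs-like directory for offline testing."""
    with open(os.path.join(dirpath, SECURE_BOOT_FILE), "wb") as fh:
        fh.write((0x6).to_bytes(4, "little") + b"\x01")
    if with_suspect:
        # Placeholder GUID, constructed for this example only.
        fname = SUSPECT_NAME + "-00000000-0000-0000-0000-000000000000"
        with open(os.path.join(dirpath, fname), "wb") as fh:
            fh.write((0x7).to_bytes(4, "little") + b"\x00")


if __name__ == "__main__":
    target = EFIVARS_DIR
    if not os.path.isdir(target):  # no efivarfs here: fall back to sample data
        target = tempfile.mkdtemp()
        make_sample(target, with_suspect=True)
    print(audit(target))
```

A hit on an affected model is a reason to check firmware settings and apply the vendor BIOS update; on other hardware the variable name may have no meaning.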


