A vulnerability impacting multiple Acer laptop models could allow an attacker to disable the Secure Boot feature and bypass security protections to install malware.
Tracked as CVE-2022-4020 (CVSS score of 8.1), the vulnerability was identified in the HQSwSmiDxe DXE driver, which checks for the existence of the ‘BootOrderSecureBootDisable’ NVRAM variable to disable Secure Boot.
“Vulnerability in the HQSwSmiDxe DXE driver on some consumer Acer Notebook devices may allow an attacker with elevated privileges to modify UEFI Secure Boot settings by modifying an NVRAM variable,” a National Vulnerability Database advisory explains.
Acer explains that the vulnerability may allow an attacker to tamper with Secure Boot settings simply by creating NVRAM variables. Because the affected firmware driver only checks for the existence of the variables, their actual value is not important.
“By disabling the Secure Boot feature, an attacker can load their own unsigned malicious bootloader to allow absolute control over the OS loading process. This can allow them to disable or bypass protections to silently deploy their own payloads with the system privileges,” Acer notes.
Impacted device models, the computer maker says, include Aspire A315-22, A115-21, and A315-22G, and Extensa EX215-21 and EX215-21G.
“Acer is working on a BIOS update to resolve this issue that will be posted on the Acer Support site. Acer recommends updating your BIOS to the latest version to resolve this issue. This update will be included as a critical Windows update,” the company notes.
ESET security researcher Martin Smolar was credited for discovering and reporting the vulnerability.
According to ESET, this issue is like CVE-2022-3431, a vulnerability in the DXE driver BootOrderDxe of some Lenovo laptops which, just as the HQSwSmiDxe DXE driver, checks for the existences of a BootOrderSecureBootDisable variable and disables Secure Boot if it exists.
ESET warned of this Lenovo bug in early November, urging users to update the BIOS on impacted devices as soon as possible.
Now, the cybersecurity company is raising the alarm on this Acer vulnerability, urging users to keep an eye out for the patches.
“In addition to Lenovo vulnerabilities we disclosed earlier this month, we discovered another similar vulnerability in Acer laptops. Same as in Lenovo case, it allows deactivating UEFI Secure Boot by creating NVRAM variable directly from OS,” ESET notes.