Security Experts:

Connect with us

Hi, what are you looking for?


Endpoint Security

Vulnerability in Acer Laptops Allows Attackers to Disable Secure Boot

A vulnerability impacting multiple Acer laptop models could allow an attacker to disable the Secure Boot feature and bypass security protections to install malware.

A vulnerability impacting multiple Acer laptop models could allow an attacker to disable the Secure Boot feature and bypass security protections to install malware.

Tracked as CVE-2022-4020 (CVSS score of 8.1), the vulnerability was identified in the HQSwSmiDxe DXE driver, which checks for the existence of the ‘BootOrderSecureBootDisable’ NVRAM variable to disable Secure Boot.

“Vulnerability in the HQSwSmiDxe DXE driver on some consumer Acer Notebook devices may allow an attacker with elevated privileges to modify UEFI Secure Boot settings by modifying an NVRAM variable,” a National Vulnerability Database advisory explains.

Acer explains that the vulnerability may allow an attacker to tamper with Secure Boot settings simply by creating NVRAM variables. Because the affected firmware driver only checks for the existence of the variables, their actual value is not important.

“By disabling the Secure Boot feature, an attacker can load their own unsigned malicious bootloader to allow absolute control over the OS loading process. This can allow them to disable or bypass protections to silently deploy their own payloads with the system privileges,” Acer notes.

Impacted device models, the computer maker says, include Aspire A315-22, A115-21, and A315-22G, and Extensa EX215-21 and EX215-21G.

“Acer is working on a BIOS update to resolve this issue that will be posted on the Acer Support site. Acer recommends updating your BIOS to the latest version to resolve this issue. This update will be included as a critical Windows update,” the company notes.

ESET security researcher Martin Smolar was credited for discovering and reporting the vulnerability.

According to ESET, this issue is like CVE-2022-3431, a vulnerability in the DXE driver BootOrderDxe of some Lenovo laptops which, just as the HQSwSmiDxe DXE driver, checks for the existences of a BootOrderSecureBootDisable variable and disables Secure Boot if it exists.

ESET warned of this Lenovo bug in early November, urging users to update the BIOS on impacted devices as soon as possible.

Now, the cybersecurity company is raising the alarm on this Acer vulnerability, urging users to keep an eye out for the patches.

“In addition to Lenovo vulnerabilities we disclosed earlier this month, we discovered another similar vulnerability in Acer laptops. Same as in Lenovo case, it allows deactivating UEFI Secure Boot by creating NVRAM variable directly from OS,” ESET notes.

Related: Lenovo Patches UEFI Code Execution Vulnerability Affecting Many Laptops

Related: HP Patches UEFI Vulnerabilities Affecting Over 200 Computers

Related: High-Severity UEFI Vulnerabilities Patched in Dell Enterprise Laptops

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Expert Insights

Related Content

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Email Security

Microsoft is urging customers to install the latest Exchange Server updates and harden their environments to prevent malicious attacks.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.


Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.


Google has awarded more than $25,000 to the researchers who reported the vulnerabilities patched with the release of the latest Chrome update.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.