CVE-2022-30426
Severity CVSS v4.0: Pending analysis
Type: CWE-787 Out-of-bounds Write
Publication date: 23/09/2022
Last modified: 27/05/2025
Description
There is a stack buffer overflow vulnerability in a UEFI DXE driver on some Acer products, which could lead to arbitrary code execution. An attacker could exploit this vulnerability to escalate privilege from ring 3 to ring 0 and hijack control flow during UEFI DXE execution. This affects Altos T110 F3 firmware version
Impact
Base Score 3.x: 7.80
Severity 3.x: HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:acer:altos_t110_f3_firmware:*:*:*:*:*:*:*:* | p13 (excluding) | |
| cpe:2.3:h:acer:altos_t110_f3:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:acer:ap130_f2_firmware:*:*:*:*:*:*:*:* | p04 (excluding) | |
| cpe:2.3:h:acer:ap130_f2:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:acer:aspire_1600x_firmware:*:*:*:*:*:*:*:* | p11.a3l (excluding) | |
| cpe:2.3:h:acer:aspire_1600x:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:acer:aspire_1602m_firmware:*:*:*:*:*:*:*:* | p11.a3l (excluding) | |
| cpe:2.3:h:acer:aspire_1602m:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:acer:aspire_7600u_firmware:*:*:*:*:*:*:*:* | p11.a4 (excluding) | |
| cpe:2.3:h:acer:aspire_7600u:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:acer:aspire_mc605_firmware:*:*:*:*:*:*:*:* | p11.a4l (excluding) | |
| cpe:2.3:h:acer:aspire_mc605:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:acer:aspire_tc-105_firmware:*:*:*:*:*:*:*:* | p12.b0l (excluding) | |
| cpe:2.3:h:acer:aspire_tc-105:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:acer:aspire_tc-120_firmware:*:*:*:*:*:*:*:* | p11-a4 (excluding) | |
To consult the complete list of CPE names with products and versions, see this page



