HIGH · 7.8

CVE-2022-30426


Vulnerability Description

There is a stack buffer overflow vulnerability in a UEFI DXE driver on some Acer products, which could lead to arbitrary code execution. An attacker could exploit this vulnerability to escalate privileges from ring 3 to ring 0 and hijack control flow during UEFI DXE execution. This affects Altos T110 F3 firmware version <= P13 (latest), AP130 F2 firmware version <= P04 (latest), Aspire 1600X firmware version <= P11.A3L (latest), Aspire 1602M firmware version <= P11.A3L (latest), Aspire 7600U firmware version <= P11.A4 (latest), Aspire MC605 firmware version <= P11.A4L (latest), Aspire TC-105 firmware version <= P12.B0L (latest), Aspire TC-120 firmware version <= P11-A4 (latest), Aspire U5-620 firmware version <= P11.A1 (latest), Aspire X1935 firmware version <= P11.A3L (latest), Aspire X3475 firmware version <= P11.A3L (latest), Aspire X3995 firmware version <= P11.A3L (latest), Aspire XC100 firmware version <= P11.B3 (latest), Aspire XC600 firmware version <= P11.A4 (latest), Aspire Z3-615 firmware version <= P11.A2L (latest), Veriton E430G firmware version <= P21.A1 (latest), Veriton B630_49 firmware version <= AAP02SR (latest), Veriton E430 firmware version <= P11.A4 (latest), Veriton M2110G firmware version <= P21.A3 (latest) and Veriton M2120G fir.

CVSS Score

7.8 HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH

Affected Products

| Vendor | Product | Versions |
|---|---|---|
| Acer | Altos T110 F3 Firmware | < p13 |
| Acer | Altos T110 F3 | - |
| Acer | Ap130 F2 Firmware | < p04 |
| Acer | Ap130 F2 | - |
| Acer | Aspire 1600X Firmware | < p11.a3l |
| Acer | Aspire 1600X | - |
| Acer | Aspire 1602M Firmware | < p11.a3l |
| Acer | Aspire 1602M | - |
| Acer | Aspire 7600U Firmware | < p11.a4 |
| Acer | Aspire 7600U | - |
| Acer | Aspire Mc605 Firmware | < p11.a4l |
| Acer | Aspire Mc605 | - |
| Acer | Aspire Tc-105 Firmware | < p12.b0l |
| Acer | Aspire Tc-105 | - |
| Acer | Aspire Tc-120 Firmware | < p11-a4 |
| Acer | Aspire Tc-120 | - |
| Acer | Aspire U5-620 Firmware | < p11.a1 |
| Acer | Aspire U5-620 | - |
| Acer | Aspire X1935 Firmware | < p11.a3l |
| Acer | Aspire X1935 | - |

Related Weaknesses (CWE)

References

FAQ

What is CVE-2022-30426?

CVE-2022-30426 is a vulnerability with a CVSS score of 7.8 (HIGH). There is a stack buffer overflow vulnerability, which could lead to arbitrary code execution in a UEFI DXE driver on some Acer products. An attacker could exploit this vulnerability to escalate privilege ...

How severe is CVE-2022-30426?

CVE-2022-30426 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2022-30426?

Check the references section above for vendor advisories and patch information. Affected products include: Acer Altos T110 F3 Firmware, Acer Altos T110 F3, Acer Ap130 F2 Firmware, Acer Ap130 F2, Acer Aspire 1600X Firmware.