
CVE-2022-30426

 

  • Severity Score: 7.8 (CVSS v3.1)
  • Exploit Likelihood (EPSS)
  • Affected Versions (CPE)
  • Public Exploits: 1 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)
Descriptions

There is a stack buffer overflow vulnerability, which could lead to arbitrary code execution in UEFI DXE driver on some Acer products. An attacker could exploit this vulnerability to escalate privilege from ring 3 to ring 0, and hijack control flow during UEFI DXE execution. This affects:
  • Altos T110 F3 firmware version <= P13 (latest)
  • AP130 F2 firmware version <= P04 (latest)
  • Aspire 1600X firmware version <= P11.A3L (latest)
  • Aspire 1602M firmware version <= P11.A3L (latest)
  • Aspire 7600U firmware version <= P11.A4 (latest)
  • Aspire MC605 firmware version <= P11.A4L (latest)
  • Aspire TC-105 firmware version <= P12.B0L (latest)
  • Aspire TC-120 firmware version <= P11-A4 (latest)
  • Aspire U5-620 firmware version <= P11.A1 (latest)
  • Aspire X1935 firmware version <= P11.A3L (latest)
  • Aspire X3475 firmware version <= P11.A3L (latest)
  • Aspire X3995 firmware version <= P11.A3L (latest)
  • Aspire XC100 firmware version <= P11.B3 (latest)
  • Aspire XC600 firmware version <= P11.A4 (latest)
  • Aspire Z3-615 firmware version <= P11.A2L (latest)
  • Veriton E430G firmware version <= P21.A1 (latest)
  • Veriton B630_49 firmware version <= AAP02SR (latest)
  • Veriton E430 firmware version <= P11.A4 (latest)
  • Veriton M2110G firmware version <= P21.A3 (latest)
  • Veriton M2120G fir.

*Credits: N/A
CVSS Scores
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2022-05-09 CVE Reserved
  • 2022-09-22 CVE Published
  • 2024-05-13 EPSS Updated
  • 2024-08-03 CVE Updated
  • 2024-08-03 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-787: Out-of-bounds Write
CAPEC
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status |
|---|---|---|---|---|
| Acer | Altos T110 F3 Firmware | < p13 | - | Affected |
| in Acer | Altos T110 F3 | - | - | Safe |
| Acer | Ap130 F2 Firmware | < p04 | - | Affected |
| in Acer | Ap130 F2 | - | - | Safe |
| Acer | Aspire 1600x Firmware | < p11.a3l | - | Affected |
| in Acer | Aspire 1600x | - | - | Safe |
| Acer | Aspire 1602m Firmware | < p11.a3l | - | Affected |
| in Acer | Aspire 1602m | - | - | Safe |
| Acer | Aspire 7600u Firmware | < p11.a4 | - | Affected |
| in Acer | Aspire 7600u | - | - | Safe |
| Acer | Aspire Mc605 Firmware | < p11.a4l | - | Affected |
| in Acer | Aspire Mc605 | - | - | Safe |
| Acer | Aspire Tc-105 Firmware | < p12.b0l | - | Affected |
| in Acer | Aspire Tc-105 | - | - | Safe |
| Acer | Aspire Tc-120 Firmware | < p11-a4 | - | Affected |
| in Acer | Aspire Tc-120 | - | - | Safe |
| Acer | Aspire U5-620 Firmware | < p11.a1 | - | Affected |
| in Acer | Aspire U5-620 | - | - | Safe |
| Acer | Aspire X1935 Firmware | < p11.a3l | - | Affected |
| in Acer | Aspire X1935 | - | - | Safe |
| Acer | Aspire X3475 Firmware | < p11.a3l | - | Affected |
| in Acer | Aspire X3475 | - | - | Safe |
| Acer | Aspire X3995 Firmware | < p11.a3l | - | Affected |
| in Acer | Aspire X3995 | - | - | Safe |
| Acer | Aspire Xc100 Firmware | < p11.b3 | - | Affected |
| in Acer | Aspire Xc100 | - | - | Safe |
| Acer | Aspire Xc600 Firmware | < p11.a4 | - | Affected |
| in Acer | Aspire Xc600 | - | - | Safe |
| Acer | Aspire Z3-615 Firmware | < p11.a2l | - | Affected |
| in Acer | Aspire Z3-615 | - | - | Safe |
| Acer | Veriton B630 49 Firmware | < aap02sr | - | Affected |
| in Acer | Veriton B630 49 | - | - | Safe |
| Acer | Veriton E430g Firmware | < p21.a1 | - | Affected |
| in Acer | Veriton E430g | - | - | Safe |
| Acer | Veriton E430 Firmware | < p11.a4 | - | Affected |
| in Acer | Veriton E430 | - | - | Safe |
| Acer | Veriton M2110g Firmware | < p21.a3 | - | Affected |
| in Acer | Veriton M2110g | - | - | Safe |
| Acer | Veriton M2120g Firmware | < p11-a3 | - | Affected |
| in Acer | Veriton M2120g | - | - | Safe |
| Acer | Veriton M2611g Firmware | < p11-b0l | - | Affected |
| in Acer | Veriton M2611g | - | - | Safe |
| Acer | Veriton M2611 Firmware | < p11.b0 | - | Affected |
| in Acer | Veriton M2611 | - | - | Safe |
| Acer | Veriton M4620 Firmware | < p21.a3 | - | Affected |
| in Acer | Veriton M4620 | - | - | Safe |
| Acer | Veriton M4620g Firmware | < p21.a3 | - | Affected |
| in Acer | Veriton M4620g | - | - | Safe |
| Acer | Veriton M6620g Firmware | < p21.a0 | - | Affected |
| in Acer | Veriton M6620g | - | - | Safe |
| Acer | Veriton N2620g Firmware | < p21.b0 | - | Affected |
| in Acer | Veriton N2620g | - | - | Safe |
| Acer | Veriton N4620g Firmware | < p11.a2l | - | Affected |
| in Acer | Veriton N4620g | - | - | Safe |
| Acer | Veriton N4630g Firmware | < p21.b0 | - | Affected |
| in Acer | Veriton N4630g | - | - | Safe |
| Acer | Veriton S6620g Firmware | < p11.a1 | - | Affected |
| in Acer | Veriton S6620g | - | - | Safe |
| Acer | Veriton X2611g Firmware | < p11.a4 | - | Affected |
| in Acer | Veriton X2611g | - | - | Safe |
| Acer | Veriton X2611 Firmware | < p11.a4 | - | Affected |
| in Acer | Veriton X2611 | - | - | Safe |
| Acer | Veriton X4620g Firmware | < p11.a3 | - | Affected |
| in Acer | Veriton X4620g | - | - | Safe |
| Acer | Veriton X6620g Firmware | < p11.a3 | - | Affected |
| in Acer | Veriton X6620g | - | - | Safe |
| Acer | Veriton Z2650g Firmware | < p21.a1 | - | Affected |
| in Acer | Veriton Z2650g | - | - | Safe |