Vulnerability in Acer Laptops Allows Attackers to Disable Secure Boot

malware

AI generated Image

Tracked as CVE-2022-4020 (CVSS score of 8.1), the vulnerability was identified in the HQSwSmiDxe DXE driver, which checks for the existence of the ‘BootOrderSecureBootDisable’ NVRAM variable to disable Secure Boot. According to ESET, this issue is like CVE-2022-3431, a vulnerability in the DXE driver BootOrderDxe of some Lenovo laptops which, just as the HQSwSmiDxe DXE driver, checks for the existences of a BootOrderSecureBootDisable variable and disables Secure Boot if it exists. A vulnerability impacting multiple Acer laptop models could allow an attacker to disable the Secure Boot feature and bypass security protections to install malware.

Source read time: 2 min - securityweek.com

Also offered in: Nederlands

More news for you