CVE-2022-4020 HIGH

CVE-2022-4020: Acer Aspire BIOS vulnerability

Vendor Acer
Product Aspire A315-22
Weakness CWE-276
Published November 28, 2022
Last update April 14, 2025

CVSS base score

8.1/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction None
Confidentiality Low
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:H

What the vulnerability does

01Description

Vulnerability in the HQSwSmiDxe DXE driver on some consumer Acer Notebook devices may allow an attacker with elevated privileges to modify UEFI Secure Boot settings by modifying an NVRAM variable.

Key dates

02Disclosure timeline

November 28, 2022 CVE published
April 14, 2025 Record updated