Acer driver flaw allows deploying malware during boot process

Updated on: 28 November 2022

Vilius Petkauskas
Deputy Editor

Acer vulnerability — Image by Shutterstock.

Acer devices are impacted by a driver vulnerability similar to an earlier discovered bug that affected several Lenovo computer models.

The bug affecting Acer devices allows deactivating UEFI Secure Boot, researchers at cybersecurity company ESET said. Acer, the multinational Taiwanese electronics maker, issued an advisory, telling users of affected devices to upgrade to the latest firmware.

“By disabling the Secure Boot feature, an attacker can load their own unsigned malicious bootloader to allow absolute control over the OS loading process. This can allow them to disable or bypass protections to silently deploy their own payloads with the system privileges,” Acer said in an advisory.

UEFI, short for Unified Extensible Firmware Interface, is used to kickstart the hardware of a computer before loading the operating system. The Secure Boot function ensures that no malicious code is loaded during the device‘s boot process.

twitter

According to the researchers, the vulnerability (CVE-2022-4020) can be exploited by creating NVRAM (non-volatile random-access memory) variables. If the variable exists, ESET said in a Tweet, the driver disables Secure Boot.

The flaw affects five Acer computer models, Acer Aspire A315-22, A115-21, A315-22G, Extensa EX215-21, and EX215-21G.

The flaw ESET discovered is almost identical to the one researchers discovered in Lenovo computers. The vulnerabilities Lenovo fixed earlier this month would have allowed threat actors to deactivate UEFI Secure Boot if exploited.

Flaws in the UEFI firmware impacted several of its popular Lenovo laptop models, such as Yoga, IdeaPad, and ThinkBook.

Earlier this year, ESET discovered that over 70 models of Lenovo notebook devices were fitted with vulnerable UEFI firmware. Buffer overflow vulnerabilities in the UEFI firmware allowed attackers to carry out arbitrary code execution (ACE) attacks and disable essential security features.