A high-severity vulnerability that could allow changes to the Secure Boot settings on laptop devices has been identified on multiple models of Acer Notebooks. The affected models are Acer Aspire A315-22, A115-21, and A315-22G, and Extensa EX215-21 and EX215-21G. This vulnerability has been identified by an ESET malware researcher and is being fixed by Acer in a BIOS update. There is not currently any mention of whether this vulnerability has been exploited in the wild, however the attacker must be present with the device in order to exploit this vulnerability. Remote attacks are not possible for this flaw. 

The vulnerability is located in the HQSwSmiDxe driver of the affected Acer devices, which is the DXE (Driver Execution Environment) hardware driver where the UEFI (Unified Extensible Firmware Interface) system loads, executes boot OS code, and then transfers control to the boot OS. The security feature Secure Boot is designed to block untrusted bootloaders in order to prevent malicious rootkits or bootkits from being loaded in the device startup process. 

This vulnerability, tracked as CVE-2022-4020, allows for an attacker with elevated privileges to make changes to the UEFI Secure Boot system settings by creating an NVRAM variable. The value of the variable used doesn’t matter, however the firmware drivers need to confirm its existence when they check. The attacker can use this to assign their own malicious unsigned bootloader to have full control over the OS loading process. This gives them the ability to bypass or disable any protections and deploy malicious payloads silently with system level privileges. 

There are no published workarounds for dealing with this vulnerability, so the only fix available is to update the BIOS on affected devices. Acer have stated that the latest BIOS versions will resolve this issue, which will be posted on their Support site and will be included in a critical Windows update for these devices.