CVE-2022-30426: There is a stack buffer overflow vulnerability, which could lead to arbitrary code execution in UEFI DXE dr...
There is a stack buffer overflow vulnerability, which could lead to arbitrary code execution in UEFI DXE driver on some Acer products. An attack could exploit this vulnerability to escalate privilege from ring 3 to ring 0, and hijack control flow during UEFI DXE execution. This affects Altos T110 F3 firmware version <= P13 (latest) and AP130 F2 firmware version <= P04 (latest) and Aspire 1600X firmware version <= P11.A3L (latest) and Aspire 1602M firmware version <= P11.A3L (latest) and Aspire 7600U firmware version <= P11.A4 (latest) and Aspire MC605 firmware version <= P11.A4L (latest) and Aspire TC-105 firmware version <= P12.B0L (latest) and Aspire TC-120 firmware version <= P11-A4 (latest) and Aspire U5-620 firmware version <= P11.A1 (latest) and Aspire X1935 firmware version <= P11.A3L (latest) and Aspire X3475 firmware version <= P11.A3L (latest) and Aspire X3995 firmware version <= P11.A3L (latest) and Aspire XC100 firmware version <= P11.B3 (latest) and Aspire XC600 firmware version <= P11.A4 (latest) and Aspire Z3-615 firmware version <= P11.A2L (latest) and Veriton E430G firmware version <= P21.A1 (latest) and Veriton B630_49 firmware version <= AAP02SR (latest) and Veriton E430 firmware version <= P11.A4 (latest) and Veriton M2110G firmware version <= P21.A3 (latest) and Veriton M2120G fir.
Security readout for executives and security teams
Plain-English summary
CVE-2022-30426 is a high-severity firmware flaw in some Acer systems. A local low-privileged attacker could potentially move from normal user access to kernel or firmware-level control during UEFI DXE execution. The source bundle does not identify a fixed firmware version.
Executive priority
Treat this as a targeted firmware-risk cleanup item, not an internet-wide emergency. Prioritize affected Acer assets that process sensitive data, support privileged workflows, or allow untrusted local users.
Technical view
The issue is a stack buffer overflow, mapped to CWE-787, in a UEFI DXE driver on listed Acer products. CVSS 3.1 is 7.8 with local attack vector, low complexity, low privileges, no user interaction, and high confidentiality, integrity, and availability impact.
Likely exposure
Exposure appears limited to the Acer models and firmware versions named in the CVE description. The structured affected-product data is incomplete, so asset teams should validate exact model and firmware against the CVE and Acer guidance.
Exploitation context
The bundle does not show CISA KEV listing or cited evidence of active exploitation. Exploitation requires local low-privileged access and could escalate privileges from ring 3 to ring 0 or affect UEFI DXE control flow.
Researcher notes
Evidence is thin in the supplied bundle: the affected list is mostly embedded in a truncated description, while structured CPE data is n/a. Do not assume unaffected status without model and firmware validation.
Mitigation direction
Inventory Acer systems and record exact model and firmware version.
Check Acer guidance for fixed firmware, support status, or replacement direction.
Prioritize remediation for shared, kiosk, lab, and high-trust systems.
Restrict local user access where affected firmware cannot be remediated.
Retire or isolate unsupported affected devices if no vendor fix exists.
Validation and detection
Compare discovered models and firmware against the CVE description.
Confirm whether each device is in Acer support and update channels.
Document devices where the latest firmware is still listed as affected.
Review firmware update history and configuration management records.
Track remediation exceptions with compensating controls and owner approval.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cwe · low confidence lookup
CWE-787: Exact CWE lookup
Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
The CVE wording references code or command execution, so execution technique review may help defensive triage. This is a Glexia inferred lookup path, not an official MITRE, ATT&CK, or CVE Program mapping.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
1CVSS vectors
3Timeline events
2ADP providers
2Source links
SSVC decision data
CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: pocAutomatable: noTechnical Impact: total
CVSS vector scores
1 official score
We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
CWE-787 · source CWE mapping
Out-of-bounds Write
Out-of-bounds Write represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.