CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
49.2%
There is a stack buffer overflow vulnerability, which could lead to arbitrary code execution in UEFI DXE driver on some Acer products. An attack could exploit this vulnerability to escalate privilege from ring 3 to ring 0, and hijack control flow during UEFI DXE execution. This affects Altos T110 F3 firmware version <= P13 (latest) and AP130 F2 firmware version <= P04 (latest) and Aspire 1600X firmware version <= P11.A3L (latest) and Aspire 1602M firmware version <= P11.A3L (latest) and Aspire 7600U firmware version <= P11.A4 (latest) and Aspire MC605 firmware version <= P11.A4L (latest) and Aspire TC-105 firmware version <= P12.B0L (latest) and Aspire TC-120 firmware version <= P11-A4 (latest) and Aspire U5-620 firmware version <= P11.A1 (latest) and Aspire X1935 firmware version <= P11.A3L (latest) and Aspire X3475 firmware version <= P11.A3L (latest) and Aspire X3995 firmware version <= P11.A3L (latest) and Aspire XC100 firmware version <= P11.B3 (latest) and Aspire XC600 firmware version <= P11.A4 (latest) and Aspire Z3-615 firmware version <= P11.A2L (latest) and Veriton E430G firmware version <= P21.A1 (latest) and Veriton B630_49 firmware version <= AAP02SR (latest) and Veriton E430 firmware version <= P11.A4 (latest) and Veriton M2110G firmware version <= P21.A3 (latest) and Veriton M2120G fir.
Vendor | Product | Version | CPE |
---|---|---|---|
acer | altos_t110_f3 | - | cpe:2.3:h:acer:altos_t110_f3:-:*:*:*:*:*:*:* |
acer | altos_t110_f3_firmware | * | cpe:2.3:o:acer:altos_t110_f3_firmware:*:*:*:*:*:*:*:* |
acer | ap130_f2 | - | cpe:2.3:h:acer:ap130_f2:-:*:*:*:*:*:*:* |
acer | ap130_f2_firmware | * | cpe:2.3:o:acer:ap130_f2_firmware:*:*:*:*:*:*:*:* |
acer | aspire_1600x | - | cpe:2.3:h:acer:aspire_1600x:-:*:*:*:*:*:*:* |
acer | aspire_1600x_firmware | * | cpe:2.3:o:acer:aspire_1600x_firmware:*:*:*:*:*:*:*:* |
acer | aspire_1602m | - | cpe:2.3:h:acer:aspire_1602m:-:*:*:*:*:*:*:* |
acer | aspire_1602m_firmware | * | cpe:2.3:o:acer:aspire_1602m_firmware:*:*:*:*:*:*:*:* |
acer | aspire_7600u | - | cpe:2.3:h:acer:aspire_7600u:-:*:*:*:*:*:*:* |
acer | aspire_7600u_firmware | * | cpe:2.3:o:acer:aspire_7600u_firmware:*:*:*:*:*:*:*:* |