Stack overflow vulnerability in Aspire E5-475G 's BIOS firmware, in the FpGui module, a second call to GetVariable services allows local attackers to execute arbitrary code in the UEFI DXE phase and gain escalated privileges.
References
Link | Resource |
---|---|
https://acer.com/ | Not Applicable |
https://github.com/10TG/vulnerabilities/blob/main/Acer/CVE-2022-40080/CVE-2022-40080.md | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2023-02-16T00:00:00
Updated: 2023-02-16T00:00:00
Reserved: 2022-09-06T00:00:00
Link: CVE-2022-40080
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-02-16T20:15:15.110
Modified: 2023-02-24T20:40:14.110
Link: CVE-2022-40080
JSON object: View
Redhat Information
No data.
CWE