CVE-2022-40080

HIGH

Acer Aspire E5-475G Firmware - Stack Overflow in FpGui Module

Description

Stack overflow vulnerability in the FpGui module of the Aspire E5-475G's BIOS firmware: a second call to GetVariable services allows local attackers to execute arbitrary code in the UEFI DXE phase and gain escalated privileges.

Scores

CVSS v3 7.8
EPSS 0.0037
EPSS Percentile 28.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-787
Status published
Products (1)
acer/aspire_e5-475g_firmware 1.21
Published Feb 16, 2023
Tracked Since Feb 18, 2026