CVE & CISA-KEV Catalog

CVE-2022-30426

HIGH
7.8
CVSS v3
NVD

Description

There is a stack buffer overflow vulnerability, which could lead to arbitrary code execution in UEFI DXE driver on some Acer products. An attack could exploit this vulnerability to escalate privilege from ring 3 to ring 0, and hijack control flow during UEFI DXE execution. This affects Altos T110 F3 firmware version <= P13 (latest) and AP130 F2 firmware version <= P04 (latest) and Aspire 1600X firmware version <= P11.A3L (latest) and Aspire 1602M firmware version <= P11.A3L (latest) and Aspire 7600U firmware version <= P11.A4 (latest) and Aspire MC605 firmware version <= P11.A4L (latest) and Aspire TC-105 firmware version <= P12.B0L (latest) and Aspire TC-120 firmware version <= P11-A4 (latest) and Aspire U5-620 firmware version <= P11.A1 (latest) and Aspire X1935 firmware version <= P11.A3L (latest) and Aspire X3475 firmware version <= P11.A3L (latest) and Aspire X3995 firmware version <= P11.A3L (latest) and Aspire XC100 firmware version <= P11.B3 (latest) and Aspire XC600 firmware version <= P11.A4 (latest) and Aspire Z3-615 firmware version <= P11.A2L (latest) and Veriton E430G firmware version <= P21.A1 (latest) and Veriton B630_49 firmware version <= AAP02SR (latest) and Veriton E430 firmware version <= P11.A4 (latest) and Veriton M2110G firmware version <= P21.A3 (latest) and Veriton M2120G fir.

How to fix

Remediation Available
altos t110 f3 firmwareNVD
Affected:< p13Fixed in:p13CVE-2022-30426derived from NVD
ap130 f2 firmwareNVD
Affected:< p04Fixed in:p04CVE-2022-30426derived from NVD
aspire 1600x firmwareNVD
Affected:< p11.a3lFixed in:p11.a3lCVE-2022-30426derived from NVD
aspire 1602m firmwareNVD
Affected:< p11.a3lFixed in:p11.a3lCVE-2022-30426derived from NVD
aspire 7600u firmwareNVD
Affected:< p11.a4Fixed in:p11.a4CVE-2022-30426derived from NVD
aspire mc605 firmwareNVD
Affected:< p11.a4lFixed in:p11.a4lCVE-2022-30426derived from NVD
aspire tc-105 firmwareNVD
Affected:< p12.b0lFixed in:p12.b0lCVE-2022-30426derived from NVD
aspire tc-120 firmwareNVD
Affected:< p11-a4Fixed in:p11-a4CVE-2022-30426derived from NVD
aspire u5-620 firmwareNVD
Affected:< p11.a1Fixed in:p11.a1CVE-2022-30426derived from NVD
aspire x1935 firmwareNVD
Affected:< p11.a3lFixed in:p11.a3lCVE-2022-30426derived from NVD
aspire x3475 firmwareNVD
Affected:< p11.a3lFixed in:p11.a3lCVE-2022-30426derived from NVD
aspire x3995 firmwareNVD
Affected:< p11.a3lFixed in:p11.a3lCVE-2022-30426derived from NVD
aspire xc100 firmwareNVD
Affected:< p11.b3Fixed in:p11.b3CVE-2022-30426derived from NVD
aspire xc600 firmwareNVD
Affected:< p11.a4Fixed in:p11.a4CVE-2022-30426derived from NVD
aspire z3-615 firmwareNVD
Affected:< p11.a2lFixed in:p11.a2lCVE-2022-30426derived from NVD
veriton b630 49 firmwareNVD
Affected:< aap02srFixed in:aap02srCVE-2022-30426derived from NVD
veriton e430 firmwareNVD
Affected:< p11.a4Fixed in:p11.a4CVE-2022-30426derived from NVD
veriton e430g firmwareNVD
Affected:< p21.a1Fixed in:p21.a1CVE-2022-30426derived from NVD
veriton m2110g firmwareNVD
Affected:< p21.a3Fixed in:p21.a3CVE-2022-30426derived from NVD
veriton m2120g firmwareNVD
Affected:< p11-a3Fixed in:p11-a3CVE-2022-30426derived from NVD
veriton m2611 firmwareNVD
Affected:< p11.b0Fixed in:p11.b0CVE-2022-30426derived from NVD
veriton m2611g firmwareNVD
Affected:< p11-b0lFixed in:p11-b0lCVE-2022-30426derived from NVD
veriton m4620 firmwareNVD
Affected:< p21.a3Fixed in:p21.a3CVE-2022-30426derived from NVD
veriton m4620g firmwareNVD
Affected:< p21.a3Fixed in:p21.a3CVE-2022-30426derived from NVD
veriton m6620g firmwareNVD
Affected:< p21.a0Fixed in:p21.a0CVE-2022-30426derived from NVD
veriton n2620g firmwareNVD
Affected:< p21.b0Fixed in:p21.b0CVE-2022-30426derived from NVD
veriton n4620g firmwareNVD
Affected:< p11.a2lFixed in:p11.a2lCVE-2022-30426derived from NVD
veriton n4630g firmwareNVD
Affected:< p21.b0Fixed in:p21.b0CVE-2022-30426derived from NVD
veriton s6620g firmwareNVD
Affected:< p11.a1Fixed in:p11.a1CVE-2022-30426derived from NVD
veriton x2611 firmwareNVD
Affected:< p11.a4Fixed in:p11.a4CVE-2022-30426derived from NVD
veriton x2611g firmwareNVD
Affected:< p11.a4Fixed in:p11.a4CVE-2022-30426derived from NVD
veriton x4620g firmwareNVD
Affected:< p11.a3Fixed in:p11.a3CVE-2022-30426derived from NVD
veriton x6620g firmwareNVD
Affected:< p11.a3Fixed in:p11.a3CVE-2022-30426derived from NVD
veriton z2650g firmwareNVD
Affected:< p21.a1Fixed in:p21.a1CVE-2022-30426derived from NVD

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityHigh
IntegrityHigh
AvailabilityHigh

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploit Intelligence

0.43%probability of exploitation in 30 days
35thpercentile

Low risk: more likely to be exploited than 35% of all known CVEs.

References

Exploit1
Vendor Advisory1
Other references1

Related Vulnerabilities

Other CWE-787 (Out-of-bounds Write) vulnerabilities, ordered by exploit likelihood. View all

CVESeverityCVSSEPSSExploitedFix
CVE-2025-22457Critical9.0100%KEV + RansomFix
CVE-2025-0282Critical9.0100%KEV + Ransom-
CVE-2015-3113Critical9.8100%KEVFix
CVE-2021-20038Critical9.8100%KEV + Ransom-
CVE-2023-4863High8.8100%KEVFix
CVE-2020-16040Medium6.5100%-Fix
Embed a live status badge for CVE-2022-30426
CVE-2022-30426 severity badge

Markdown

[![CVE-2022-30426](https://tridentstack.com/cve/badge/CVE-2022-30426.svg)](https://tridentstack.com/cve/CVE-2022-30426)

HTML

<a href="https://tridentstack.com/cve/CVE-2022-30426"><img src="https://tridentstack.com/cve/badge/CVE-2022-30426.svg" alt="CVE-2022-30426"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2026-07-05.