A stack overflow vulnerability has been found in the BIOS firmware of Aspire E5-475G laptops, which can allow local attackers to execute arbitrary code and gain escalated privileges during the boot process. The vulnerability is caused by a second call to the GetVariable services in the FpGui module, which displays the fingerprint authentication GUI. This vulnerability affects all Aspire E5-475G laptops with BIOS firmware versions lower than 1.37. Acer recommends customers to update their BIOS firmware to the latest version from the official Acer website as soon as possible to prevent any potential exploitation. Customers can find out more details on CVE-2022-40080.
