2) Driver also gives direct read/write access to one of the smbus ports. Actually it might be more than one.
3) They expose some sort of ICSP flashing interface to an MCU?!
4) Driver object has no DACL.
It doesn't have access to much (it can talk to PCI-e cards that have SMBus pins wired, and that's about it).
My experience of Acer is that their drivers are full of vulns and they take many months, if not a year+, to fix them when researchers contact them. I waited two years on one bug (eventually someone else disclosed it).