CVE-2022-28806
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD
Description
An issue was discovered on certain Fujitsu LIEFBOOK devices (A3510, U9310, U7511/U7411/U7311, U9311, E5510/E5410, U7510/U7410/U7310, E459/E449) with BIOS versions before v1.09 (A3510), v2.17 (U9310), v2.30 (U7511/U7411/U7311), v2.33 (U9311), v2.23 (E5510), v2.19 (U7510/U7410), v2.13 (U7310), and v1.09 (E459/E449). The FjGabiFlashCoreAbstractionSmm driver registers a Software System Management Interrupt (SWSMI) handler that is not sufficiently validated to ensure that the CommBuffer (or any other communication buffer's nested contents) are not pointing to SMRAM contents. A potential attacker can therefore write fixed data to SMRAM, which could lead to data corruption inside this memory (e.g., change the SMI handler's code or modify SMRAM map structures to break input pointer validation for other SMI handlers). Thus, the attacker could elevate privileges from ring 0 to ring -2 and execute arbitrary code in SMM.
Affected (12)
Products: Fujitsu: Lifebook A3510 Firmware, Lifebook U9310 Firmware, Lifebook U7511 Firmware, Lifebook U7411 Firmware, Lifebook U7311 Firmware, Lifebook U9311 Firmware, Lifebook E5510 Firmware, Lifebook U7510 Firmware, Lifebook U7410 Firmware, Lifebook U7310 Firmware, Lifebook E459 Firmware, Lifebook E449 Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.09 |
| Running on/with | Platform Versions |
|---|---|
Fujitsu Lifebook A3510 | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Before 2.17 |
| Running on/with | Platform Versions |
|---|---|
Fujitsu Lifebook U9310 | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Before 2.30 |
| Running on/with | Platform Versions |
|---|---|
Fujitsu Lifebook U7511 | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Before 2.30 |
| Running on/with | Platform Versions |
|---|---|
Fujitsu Lifebook U7411 | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Before 2.30 |
| Running on/with | Platform Versions |
|---|---|
Fujitsu Lifebook U7311 | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 2.33 |
| Running on/with | Platform Versions |
|---|---|
Fujitsu Lifebook U9311 | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| Before 2.23 |
| Running on/with | Platform Versions |
|---|---|
Fujitsu Lifebook E5510 | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| Before 2.19 |
| Running on/with | Platform Versions |
|---|---|
Fujitsu Lifebook U7510 | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| Before 2.19 |
| Running on/with | Platform Versions |
|---|---|
Fujitsu Lifebook U7410 | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| Before 2.13 |
| Running on/with | Platform Versions |
|---|---|
Fujitsu Lifebook U7310 | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.09 |
| Running on/with | Platform Versions |
|---|---|
Fujitsu Lifebook E459 | All versions |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.09 |
| Running on/with | Platform Versions |
|---|---|
Fujitsu Lifebook E449 | All versions |
References (9)
Source: cve@mitre.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Timeline
No history available yet.