CVE-2022-28806

An issue was discovered on certain Fujitsu LIEFBOOK devices (A3510, U9310, U7511/U7411/U7311, U9311, E5510/E5410, U7510/U7410/U7310, E459/E449) with BIOS versions before v1.09 (A3510), v2.17 (U9310), v2.30 (U7511/U7411/U7311), v2.33 (U9311), v2.23 (E5510), v2.19 (U7510/U7410), v2.13 (U7310), and v1.09 (E459/E449). The FjGabiFlashCoreAbstractionSmm driver registers a Software System Management Interrupt (SWSMI) handler that is not sufficiently validated to ensure that the CommBuffer (or any other communication buffer's nested contents) are not pointing to SMRAM contents. A potential attacker can therefore write fixed data to SMRAM, which could lead to data corruption inside this memory (e.g., change the SMI handler's code or modify SMRAM map structures to break input pointer validation for other SMI handlers). Thus, the attacker could elevate privileges from ring 0 to ring -2 and execute arbitrary code in SMM.

CVSS v3 7.8 HIGH
CVSS v2.0 7.2 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.fmworld.net/biz/common/insyde/20220210/	Vendor Advisory
https://kb.cert.org/vuls/id/796611	Third Party Advisory US Government Resource
https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-FCCL-IS-2021-090903-Security-Advisory.asp	Vendor Advisory
https://www.binarly.io/advisories	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:fujitsu:lifebook_a3510_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:lifebook_a3510:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:fujitsu:lifebook_u9310_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:lifebook_u9310:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:fujitsu:lifebook_u7511_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:lifebook_u7511:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:fujitsu:lifebook_u7411_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:lifebook_u7411:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:fujitsu:lifebook_u7311_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:lifebook_u7311:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:fujitsu:lifebook_u9311_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:lifebook_u9311:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:fujitsu:lifebook_e5510_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:lifebook_e5510:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:fujitsu:lifebook_u7510_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:lifebook_u7510:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:fujitsu:lifebook_u7410_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:lifebook_u7410:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:fujitsu:lifebook_u7310_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:lifebook_u7310:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:fujitsu:lifebook_e459_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:lifebook_e459:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:fujitsu:lifebook_e449_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:lifebook_e449:-:*:*:*:*:*:*:*

History

18 May 2022, 13:26

Type	Values Removed	Values Added
CPE		cpe:2.3:o:fujitsu:lifebook_a3510_firmware:::::::: cpe:2.3:o:fujitsu:lifebook_u9310_firmware:::::::: cpe:2.3:h:fujitsu:lifebook_u7511:-:::::::* cpe:2.3:o:fujitsu:lifebook_u7411_firmware:::::::: cpe:2.3:o:fujitsu:lifebook_u7511_firmware:::::::: cpe:2.3:h:fujitsu:lifebook_e5510:-:::::::* cpe:2.3:h:fujitsu:lifebook_e449:-:::::::* cpe:2.3:h:fujitsu:lifebook_u7510:-:::::::* cpe:2.3:h:fujitsu:lifebook_u7311:-:::::::* cpe:2.3:h:fujitsu:lifebook_u7410:-:::::::* cpe:2.3:h:fujitsu:lifebook_a3510:-:::::::* cpe:2.3:h:fujitsu:lifebook_u7411:-:::::::* cpe:2.3:h:fujitsu:lifebook_u9310:-:::::::* cpe:2.3:h:fujitsu:lifebook_u7310:-:::::::* cpe:2.3:o:fujitsu:lifebook_e459_firmware:::::::: cpe:2.3:o:fujitsu:lifebook_u7510_firmware:::::::: cpe:2.3:o:fujitsu:lifebook_u7310_firmware:::::::: cpe:2.3:o:fujitsu:lifebook_e449_firmware:::::::: cpe:2.3:h:fujitsu:lifebook_e459:-:::::::* cpe:2.3:o:fujitsu:lifebook_u7410_firmware:::::::: cpe:2.3:o:fujitsu:lifebook_u7311_firmware:::::::: cpe:2.3:o:fujitsu:lifebook_e5510_firmware:::::::: cpe:2.3:h:fujitsu:lifebook_u9311:-:::::::* cpe:2.3:o:fujitsu:lifebook_u9311_firmware::::::::
CWE		CWE-787
References	~~(MISC) https://www.binarly.io/advisories -~~	(MISC) https://www.binarly.io/advisories - Exploit, Third Party Advisory
References	~~(MISC) http://www.fmworld.net/biz/common/insyde/20220210/ -~~	(MISC) http://www.fmworld.net/biz/common/insyde/20220210/ - Vendor Advisory
References	~~(MISC) https://kb.cert.org/vuls/id/796611 -~~	(MISC) https://kb.cert.org/vuls/id/796611 - Third Party Advisory, US Government Resource
References	~~(MISC) https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-FCCL-IS-2021-090903-Security-Advisory.asp -~~	(MISC) https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-FCCL-IS-2021-090903-Security-Advisory.asp - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 7.2 v3 : 7.8

04 May 2022, 15:35

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-05-04 15:15

Updated : 2024-02-04 22:29

NVD link : CVE-2022-28806

Mitre link : CVE-2022-28806

CVE.ORG link : CVE-2022-28806

JSON object : View

Products Affected

fujitsu

lifebook_u7410
lifebook_u7411_firmware
lifebook_u9311_firmware
lifebook_u9311
lifebook_u7411
lifebook_u7310
lifebook_u7511
lifebook_e449_firmware
lifebook_u7510
lifebook_e459_firmware
lifebook_a3510
lifebook_e5510
lifebook_u7510_firmware
lifebook_e459
lifebook_u9310
lifebook_u9310_firmware
lifebook_u7310_firmware
lifebook_u7311
lifebook_u7410_firmware
lifebook_e449
lifebook_e5510_firmware
lifebook_u7511_firmware
lifebook_u7311_firmware
lifebook_a3510_firmware

CWE

CWE-787

Out-of-bounds Write

7.8 /10