Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-28806

An issue was discovered on certain Fujitsu LIEFBOOK devices (A3510, U9310, U7511/U7411/U7311, U9311, E5510/E5410, U7510/U7410/U7310, E459/E449) with BIOS versions before v1.09 (A3510), v2.17 (U9310), v2.30 (U7511/U7411/U7311), v2.33 (U9311), v2.23 (E5510), v2.19 (U7510/U7410), v2.13 (U7310), and v1.09 (E459/E449). The FjGabiFlashCoreAbstractionSmm driver registers a Software System Management Interrupt (SWSMI) handler that is not sufficiently validated to ensure that the CommBuffer (or any other communication buffer's nested contents) are not pointing to SMRAM contents. A potential attacker can therefore write fixed data to SMRAM, which could lead to data corruption inside this memory (e.g., change the SMI handler's code or modify SMRAM map structures to break input pointer validation for other SMI handlers). Thus, the attacker could elevate privileges from ring 0 to ring -2 and execute arbitrary code in SMM.

Published

2022-05-04T15:15:13.083

Last Modified

2024-11-21T06:57:57.923

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

10.0

Weaknesses

Type: Primary
CWE-787

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	fujitsu	lifebook_a3510_firmware	< 1.09	Yes
Hardware	fujitsu	lifebook_a3510	-	No
Operating System	fujitsu	lifebook_u9310_firmware	< 2.17	Yes
Hardware	fujitsu	lifebook_u9310	-	No
Operating System	fujitsu	lifebook_u7511_firmware	< 2.30	Yes
Hardware	fujitsu	lifebook_u7511	-	No
Operating System	fujitsu	lifebook_u7411_firmware	< 2.30	Yes
Hardware	fujitsu	lifebook_u7411	-	No
Operating System	fujitsu	lifebook_u7311_firmware	< 2.30	Yes
Hardware	fujitsu	lifebook_u7311	-	No
Operating System	fujitsu	lifebook_u9311_firmware	≤ 2.33	Yes
Hardware	fujitsu	lifebook_u9311	-	No
Operating System	fujitsu	lifebook_e5510_firmware	< 2.23	Yes
Hardware	fujitsu	lifebook_e5510	-	No
Operating System	fujitsu	lifebook_u7510_firmware	< 2.19	Yes
Hardware	fujitsu	lifebook_u7510	-	No
Operating System	fujitsu	lifebook_u7410_firmware	< 2.19	Yes
Hardware	fujitsu	lifebook_u7410	-	No
Operating System	fujitsu	lifebook_u7310_firmware	< 2.13	Yes
Hardware	fujitsu	lifebook_u7310	-	No
Operating System	fujitsu	lifebook_e459_firmware	< 1.09	Yes
Hardware	fujitsu	lifebook_e459	-	No
Operating System	fujitsu	lifebook_e449_firmware	< 1.09	Yes
Hardware	fujitsu	lifebook_e449	-	No

References

http://www.fmworld.net/biz/common/insyde/20220210/ Vendor Advisory ([email protected])
https://kb.cert.org/vuls/id/796611 Third Party Advisory, US Government Resource ([email protected])
https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-FCCL-IS-2021-090903-Security-Advisory.asp Vendor Advisory ([email protected])
https://www.binarly.io/advisories Exploit, Third Party Advisory ([email protected])
http://www.fmworld.net/biz/common/insyde/20220210/ Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://kb.cert.org/vuls/id/796611 Third Party Advisory, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-FCCL-IS-2021-090903-Security-Advisory.asp Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.binarly.io/advisories Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)