An issue was discovered on certain Fujitsu LIEFBOOK devices (A3510, U9310, U7511/U7411/U7311, U9311, E5510/E5410, U7510/U7410/U7310, E459/E449) with BIOS versions before v1.09 (A3510), v2.17 (U9310), v2.30 (U7511/U7411/U7311), v2.33 (U9311), v2.23 (E5510), v2.19 (U7510/U7410), v2.13 (U7310), and v1.09 (E459/E449). The FjGabiFlashCoreAbstractionSmm driver registers a Software System Management Interrupt (SWSMI) handler that is not sufficiently validated to ensure that the CommBuffer (or any other communication buffer's nested contents) are not pointing to SMRAM contents. A potential attacker can therefore write fixed data to SMRAM, which could lead to data corruption inside this memory (e.g., change the SMI handler's code or modify SMRAM map structures to break input pointer validation for other SMI handlers). Thus, the attacker could elevate privileges from ring 0 to ring -2 and execute arbitrary code in SMM.
References
| Link | Resource |
|---|---|
| http://www.fmworld.net/biz/common/insyde/20220210/ | Vendor Advisory |
| https://kb.cert.org/vuls/id/796611 | Third Party Advisory US Government Resource |
| https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-FCCL-IS-2021-090903-Security-Advisory.asp | Vendor Advisory |
| https://www.binarly.io/advisories | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
Configuration 2 (hide)
| AND |
|
Configuration 3 (hide)
| AND |
|
Configuration 4 (hide)
| AND |
|
Configuration 5 (hide)
| AND |
|
Configuration 6 (hide)
| AND |
|
Configuration 7 (hide)
| AND |
|
Configuration 8 (hide)
| AND |
|
Configuration 9 (hide)
| AND |
|
Configuration 10 (hide)
| AND |
|
Configuration 11 (hide)
| AND |
|
Configuration 12 (hide)
| AND |
|
History
18 May 2022, 13:26
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Fujitsu lifebook U7411
Fujitsu lifebook A3510 Fujitsu lifebook U7311 Fujitsu Fujitsu lifebook E449 Fujitsu lifebook E449 Firmware Fujitsu lifebook U7511 Fujitsu lifebook U7410 Fujitsu lifebook U7310 Firmware Fujitsu lifebook U7511 Firmware Fujitsu lifebook E5510 Fujitsu lifebook E459 Firmware Fujitsu lifebook U9310 Fujitsu lifebook U7310 Fujitsu lifebook U7311 Firmware Fujitsu lifebook U9311 Fujitsu lifebook U7510 Fujitsu lifebook U9311 Firmware Fujitsu lifebook A3510 Firmware Fujitsu lifebook U7411 Firmware Fujitsu lifebook U7510 Firmware Fujitsu lifebook E459 Fujitsu lifebook E5510 Firmware Fujitsu lifebook U7410 Firmware Fujitsu lifebook U9310 Firmware |
|
| CWE | CWE-787 | |
| CVSS |
v2 : v3 : |
v2 : 7.2
v3 : 7.8 |
| CPE | cpe:2.3:h:fujitsu:lifebook_u7410:-:*:*:*:*:*:*:* cpe:2.3:h:fujitsu:lifebook_e5510:-:*:*:*:*:*:*:* cpe:2.3:o:fujitsu:lifebook_u7510_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:fujitsu:lifebook_u7310:-:*:*:*:*:*:*:* cpe:2.3:o:fujitsu:lifebook_u9310_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:fujitsu:lifebook_e459:-:*:*:*:*:*:*:* cpe:2.3:o:fujitsu:lifebook_e5510_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:fujitsu:lifebook_u7511:-:*:*:*:*:*:*:* cpe:2.3:o:fujitsu:lifebook_u7411_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:fujitsu:lifebook_u7410_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:fujitsu:lifebook_u7411:-:*:*:*:*:*:*:* cpe:2.3:o:fujitsu:lifebook_u7511_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:fujitsu:lifebook_e459_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:fujitsu:lifebook_e449:-:*:*:*:*:*:*:* cpe:2.3:h:fujitsu:lifebook_u9310:-:*:*:*:*:*:*:* cpe:2.3:h:fujitsu:lifebook_u7510:-:*:*:*:*:*:*:* cpe:2.3:o:fujitsu:lifebook_u7310_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:fujitsu:lifebook_u7311:-:*:*:*:*:*:*:* cpe:2.3:o:fujitsu:lifebook_u9311_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:fujitsu:lifebook_u7311_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:fujitsu:lifebook_a3510:-:*:*:*:*:*:*:* cpe:2.3:o:fujitsu:lifebook_e449_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:fujitsu:lifebook_a3510_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:fujitsu:lifebook_u9311:-:*:*:*:*:*:*:* |
|
| References | (MISC) https://www.binarly.io/advisories - Exploit, Third Party Advisory | |
| References | (MISC) https://kb.cert.org/vuls/id/796611 - Third Party Advisory, US Government Resource | |
| References | (MISC) http://www.fmworld.net/biz/common/insyde/20220210/ - Vendor Advisory | |
| References | (MISC) https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-FCCL-IS-2021-090903-Security-Advisory.asp - Vendor Advisory |
04 May 2022, 15:35
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2022-05-04 15:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-28806
Mitre link : CVE-2022-28806
CVE.ORG link : CVE-2022-28806
JSON object : View
Products Affected
fujitsu
- lifebook_a3510
- lifebook_u9310_firmware
- lifebook_a3510_firmware
- lifebook_u7310_firmware
- lifebook_u9311
- lifebook_u7410_firmware
- lifebook_e449_firmware
- lifebook_u7511
- lifebook_e5510
- lifebook_u7311
- lifebook_e459_firmware
- lifebook_u7511_firmware
- lifebook_e5510_firmware
- lifebook_e459
- lifebook_u7310
- lifebook_u7411_firmware
- lifebook_e449
- lifebook_u9310
- lifebook_u7311_firmware
- lifebook_u9311_firmware
- lifebook_u7510
- lifebook_u7410
- lifebook_u7510_firmware
- lifebook_u7411
CWE
CWE-787
Out-of-bounds Write