CVE-2022-28806 - OpenCVE

An issue was discovered on certain Fujitsu LIEFBOOK devices (A3510, U9310, U7511/U7411/U7311, U9311, E5510/E5410, U7510/U7410/U7310, E459/E449) with BIOS versions before v1.09 (A3510), v2.17 (U9310), v2.30 (U7511/U7411/U7311), v2.33 (U9311), v2.23 (E5510), v2.19 (U7510/U7410), v2.13 (U7310), and v1.09 (E459/E449). The FjGabiFlashCoreAbstractionSmm driver registers a Software System Management Interrupt (SWSMI) handler that is not sufficiently validated to ensure that the CommBuffer (or any other communication buffer's nested contents) are not pointing to SMRAM contents. A potential attacker can therefore write fixed data to SMRAM, which could lead to data corruption inside this memory (e.g., change the SMI handler's code or modify SMRAM map structures to break input pointer validation for other SMI handlers). Thus, the attacker could elevate privileges from ring 0 to ring -2 and execute arbitrary code in SMM.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Fujitsu	Lifebook A3510 Lifebook A3510 Firmware Lifebook E449 Lifebook E449 Firmware Lifebook E459 Lifebook E459 Firmware Lifebook E5510 Lifebook E5510 Firmware Lifebook U7310 Lifebook U7310 Firmware Lifebook U7311 Lifebook U7311 Firmware Lifebook U7410 Lifebook U7410 Firmware Lifebook U7411 Lifebook U7411 Firmware Lifebook U7510 Lifebook U7510 Firmware Lifebook U7511 Lifebook U7511 Firmware Lifebook U9310 Lifebook U9310 Firmware Lifebook U9311 Lifebook U9311 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:fujitsu:lifebook_a3510_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:lifebook_a3510:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:fujitsu:lifebook_u9310_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:lifebook_u9310:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:fujitsu:lifebook_u7511_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:lifebook_u7511:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:fujitsu:lifebook_u7411_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:lifebook_u7411:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:fujitsu:lifebook_u7311_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:lifebook_u7311:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:fujitsu:lifebook_u9311_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:lifebook_u9311:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:fujitsu:lifebook_e5510_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:lifebook_e5510:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:fujitsu:lifebook_u7510_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:lifebook_u7510:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:fujitsu:lifebook_u7410_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:lifebook_u7410:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:fujitsu:lifebook_u7310_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:lifebook_u7310:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:fujitsu:lifebook_e459_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:lifebook_e459:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:fujitsu:lifebook_e449_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:lifebook_e449:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.fmworld.net/biz/common/insyde/20220210/
https://kb.cert.org/vuls/id/796611
https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-FCCL-IS-2021-090903-Security-Advisory.asp
https://www.binarly.io/advisories

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-05-04T14:10:18

Updated: 2024-08-03T06:03:53.021Z

Reserved: 2022-04-08T00:00:00

Link: CVE-2022-28806

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-05-04T15:15:13.083

Modified: 2022-05-18T13:26:13.097

Link: CVE-2022-28806

Redhat

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object