// For flags

CVE-2022-28806

 

Severity Score

7.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

An issue was discovered on certain Fujitsu LIEFBOOK devices (A3510, U9310, U7511/U7411/U7311, U9311, E5510/E5410, U7510/U7410/U7310, E459/E449) with BIOS versions before v1.09 (A3510), v2.17 (U9310), v2.30 (U7511/U7411/U7311), v2.33 (U9311), v2.23 (E5510), v2.19 (U7510/U7410), v2.13 (U7310), and v1.09 (E459/E449). The FjGabiFlashCoreAbstractionSmm driver registers a Software System Management Interrupt (SWSMI) handler that is not sufficiently validated to ensure that the CommBuffer (or any other communication buffer's nested contents) are not pointing to SMRAM contents. A potential attacker can therefore write fixed data to SMRAM, which could lead to data corruption inside this memory (e.g., change the SMI handler's code or modify SMRAM map structures to break input pointer validation for other SMI handlers). Thus, the attacker could elevate privileges from ring 0 to ring -2 and execute arbitrary code in SMM.

Se ha detectado un problema en determinados dispositivos Fujitsu LIEFBOOK (A3510, U9310, U7511/U7411/U7311, U9311, E5510/E5410, U7510/U7410/U7310, E459/E449) con versiones de BIOS anteriores a v1. 09 (A3510), v2.17 (U9310), v2.30 (U7511/U7411/U7311), v2.33 (U9311), v2.23 (E5510), v2.19 (U7510/U7410), v2.13 (U7310) y v1.09 (E459/E449). El controlador FjGabiFlashCoreAbstractionSmm registra un administrador de interrupciones del sistema de software (SWSMI) que no está suficientemente comprobado para garantizar que el CommBuffer (o cualquier otro contenido anidado del búfer de comunicación) no apunte al contenido de la SMRAM. Por lo tanto, un atacante potencial puede escribir datos fijos en la SMRAM, lo que podría conllevar a una corrupción de datos dentro de esta memoria (por ejemplo, cambiar el código del manejador SMI o modificar las estructuras del mapa de la SMRAM para romper la comprobación del puntero de entrada para otros manejadores SMI). Así, el atacante podría elevar los privilegios del anillo 0 al anillo -2 y ejecutar código arbitrario en SMM

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2022-04-08 CVE Reserved
  • 2022-05-04 CVE Published
  • 2024-07-26 EPSS Updated
  • 2024-08-03 CVE Updated
  • 2024-08-03 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-787: Out-of-bounds Write
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Fujitsu
Search vendor "Fujitsu"
Lifebook A3510 Firmware
Search vendor "Fujitsu" for product "Lifebook A3510 Firmware"
< 1.09
Search vendor "Fujitsu" for product "Lifebook A3510 Firmware" and version " < 1.09"
-
Affected
in Fujitsu
Search vendor "Fujitsu"
Lifebook A3510
Search vendor "Fujitsu" for product "Lifebook A3510"
--
Safe
Fujitsu
Search vendor "Fujitsu"
Lifebook U9310 Firmware
Search vendor "Fujitsu" for product "Lifebook U9310 Firmware"
< 2.17
Search vendor "Fujitsu" for product "Lifebook U9310 Firmware" and version " < 2.17"
-
Affected
in Fujitsu
Search vendor "Fujitsu"
Lifebook U9310
Search vendor "Fujitsu" for product "Lifebook U9310"
--
Safe
Fujitsu
Search vendor "Fujitsu"
Lifebook U7511 Firmware
Search vendor "Fujitsu" for product "Lifebook U7511 Firmware"
< 2.30
Search vendor "Fujitsu" for product "Lifebook U7511 Firmware" and version " < 2.30"
-
Affected
in Fujitsu
Search vendor "Fujitsu"
Lifebook U7511
Search vendor "Fujitsu" for product "Lifebook U7511"
--
Safe
Fujitsu
Search vendor "Fujitsu"
Lifebook U7411 Firmware
Search vendor "Fujitsu" for product "Lifebook U7411 Firmware"
< 2.30
Search vendor "Fujitsu" for product "Lifebook U7411 Firmware" and version " < 2.30"
-
Affected
in Fujitsu
Search vendor "Fujitsu"
Lifebook U7411
Search vendor "Fujitsu" for product "Lifebook U7411"
--
Safe
Fujitsu
Search vendor "Fujitsu"
Lifebook U7311 Firmware
Search vendor "Fujitsu" for product "Lifebook U7311 Firmware"
< 2.30
Search vendor "Fujitsu" for product "Lifebook U7311 Firmware" and version " < 2.30"
-
Affected
in Fujitsu
Search vendor "Fujitsu"
Lifebook U7311
Search vendor "Fujitsu" for product "Lifebook U7311"
--
Safe
Fujitsu
Search vendor "Fujitsu"
Lifebook U9311 Firmware
Search vendor "Fujitsu" for product "Lifebook U9311 Firmware"
<= 2.33
Search vendor "Fujitsu" for product "Lifebook U9311 Firmware" and version " <= 2.33"
-
Affected
in Fujitsu
Search vendor "Fujitsu"
Lifebook U9311
Search vendor "Fujitsu" for product "Lifebook U9311"
--
Safe
Fujitsu
Search vendor "Fujitsu"
Lifebook E5510 Firmware
Search vendor "Fujitsu" for product "Lifebook E5510 Firmware"
< 2.23
Search vendor "Fujitsu" for product "Lifebook E5510 Firmware" and version " < 2.23"
-
Affected
in Fujitsu
Search vendor "Fujitsu"
Lifebook E5510
Search vendor "Fujitsu" for product "Lifebook E5510"
--
Safe
Fujitsu
Search vendor "Fujitsu"
Lifebook U7510 Firmware
Search vendor "Fujitsu" for product "Lifebook U7510 Firmware"
< 2.19
Search vendor "Fujitsu" for product "Lifebook U7510 Firmware" and version " < 2.19"
-
Affected
in Fujitsu
Search vendor "Fujitsu"
Lifebook U7510
Search vendor "Fujitsu" for product "Lifebook U7510"
--
Safe
Fujitsu
Search vendor "Fujitsu"
Lifebook U7410 Firmware
Search vendor "Fujitsu" for product "Lifebook U7410 Firmware"
< 2.19
Search vendor "Fujitsu" for product "Lifebook U7410 Firmware" and version " < 2.19"
-
Affected
in Fujitsu
Search vendor "Fujitsu"
Lifebook U7410
Search vendor "Fujitsu" for product "Lifebook U7410"
--
Safe
Fujitsu
Search vendor "Fujitsu"
Lifebook U7310 Firmware
Search vendor "Fujitsu" for product "Lifebook U7310 Firmware"
< 2.13
Search vendor "Fujitsu" for product "Lifebook U7310 Firmware" and version " < 2.13"
-
Affected
in Fujitsu
Search vendor "Fujitsu"
Lifebook U7310
Search vendor "Fujitsu" for product "Lifebook U7310"
--
Safe
Fujitsu
Search vendor "Fujitsu"
Lifebook E459 Firmware
Search vendor "Fujitsu" for product "Lifebook E459 Firmware"
< 1.09
Search vendor "Fujitsu" for product "Lifebook E459 Firmware" and version " < 1.09"
-
Affected
in Fujitsu
Search vendor "Fujitsu"
Lifebook E459
Search vendor "Fujitsu" for product "Lifebook E459"
--
Safe
Fujitsu
Search vendor "Fujitsu"
Lifebook E449 Firmware
Search vendor "Fujitsu" for product "Lifebook E449 Firmware"
< 1.09
Search vendor "Fujitsu" for product "Lifebook E449 Firmware" and version " < 1.09"
-
Affected
in Fujitsu
Search vendor "Fujitsu"
Lifebook E449
Search vendor "Fujitsu" for product "Lifebook E449"
--
Safe