CVE-2022-28806
 
- Public Exploits: 1
- Exploited in Wild: -
Descriptions
An issue was discovered on certain Fujitsu LIFEBOOK devices (A3510, U9310, U7511/U7411/U7311, U9311, E5510/E5410, U7510/U7410/U7310, E459/E449) with BIOS versions before v1.09 (A3510), v2.17 (U9310), v2.30 (U7511/U7411/U7311), v2.33 (U9311), v2.23 (E5510), v2.19 (U7510/U7410), v2.13 (U7310), and v1.09 (E459/E449). The FjGabiFlashCoreAbstractionSmm driver registers a Software System Management Interrupt (SWSMI) handler that does not sufficiently validate its input to ensure that the CommBuffer (or the nested contents of any other communication buffer) does not point to SMRAM contents. A potential attacker can therefore write fixed data to SMRAM, which could lead to data corruption inside this memory (e.g., change the SMI handler's code or modify SMRAM map structures to break input pointer validation for other SMI handlers). Thus, the attacker could elevate privileges from ring 0 to ring -2 and execute arbitrary code in SMM.
Timeline
- 2022-04-08 CVE Reserved
- 2022-05-04 CVE Published
- 2024-07-26 EPSS Updated
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-787: Out-of-bounds Write
References (4)
URL | Tag |
---|---|
https://kb.cert.org/vuls/id/796611 | Third Party Advisory |

URL | Date |
---|---|
https://www.binarly.io/advisories | 2024-08-03 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Status | Running on | Status |
---|---|---|---|---|---|
Fujitsu | Lifebook A3510 Firmware | < 1.09 | Affected | Fujitsu Lifebook A3510 | Safe |
Fujitsu | Lifebook U9310 Firmware | < 2.17 | Affected | Fujitsu Lifebook U9310 | Safe |
Fujitsu | Lifebook U7511 Firmware | < 2.30 | Affected | Fujitsu Lifebook U7511 | Safe |
Fujitsu | Lifebook U7411 Firmware | < 2.30 | Affected | Fujitsu Lifebook U7411 | Safe |
Fujitsu | Lifebook U7311 Firmware | < 2.30 | Affected | Fujitsu Lifebook U7311 | Safe |
Fujitsu | Lifebook U9311 Firmware | <= 2.33 | Affected | Fujitsu Lifebook U9311 | Safe |
Fujitsu | Lifebook E5510 Firmware | < 2.23 | Affected | Fujitsu Lifebook E5510 | Safe |
Fujitsu | Lifebook U7510 Firmware | < 2.19 | Affected | Fujitsu Lifebook U7510 | Safe |
Fujitsu | Lifebook U7410 Firmware | < 2.19 | Affected | Fujitsu Lifebook U7410 | Safe |
Fujitsu | Lifebook U7310 Firmware | < 2.13 | Affected | Fujitsu Lifebook U7310 | Safe |
Fujitsu | Lifebook E459 Firmware | < 1.09 | Affected | Fujitsu Lifebook E459 | Safe |
Fujitsu | Lifebook E449 Firmware | < 1.09 | Affected | Fujitsu Lifebook E449 | Safe |