CVE-2022-28806

Severity Score

7.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

An issue was discovered on certain Fujitsu LIEFBOOK devices (A3510, U9310, U7511/U7411/U7311, U9311, E5510/E5410, U7510/U7410/U7310, E459/E449) with BIOS versions before v1.09 (A3510), v2.17 (U9310), v2.30 (U7511/U7411/U7311), v2.33 (U9311), v2.23 (E5510), v2.19 (U7510/U7410), v2.13 (U7310), and v1.09 (E459/E449). The FjGabiFlashCoreAbstractionSmm driver registers a Software System Management Interrupt (SWSMI) handler that is not sufficiently validated to ensure that the CommBuffer (or any other communication buffer's nested contents) are not pointing to SMRAM contents. A potential attacker can therefore write fixed data to SMRAM, which could lead to data corruption inside this memory (e.g., change the SMI handler's code or modify SMRAM map structures to break input pointer validation for other SMI handlers). Thus, the attacker could elevate privileges from ring 0 to ring -2 and execute arbitrary code in SMM.

Se ha detectado un problema en determinados dispositivos Fujitsu LIEFBOOK (A3510, U9310, U7511/U7411/U7311, U9311, E5510/E5410, U7510/U7410/U7310, E459/E449) con versiones de BIOS anteriores a v1. 09 (A3510), v2.17 (U9310), v2.30 (U7511/U7411/U7311), v2.33 (U9311), v2.23 (E5510), v2.19 (U7510/U7410), v2.13 (U7310) y v1.09 (E459/E449). El controlador FjGabiFlashCoreAbstractionSmm registra un administrador de interrupciones del sistema de software (SWSMI) que no está suficientemente comprobado para garantizar que el CommBuffer (o cualquier otro contenido anidado del búfer de comunicación) no apunte al contenido de la SMRAM. Por lo tanto, un atacante potencial puede escribir datos fijos en la SMRAM, lo que podría conllevar a una corrupción de datos dentro de esta memoria (por ejemplo, cambiar el código del manejador SMI o modificar las estructuras del mapa de la SMRAM para romper la comprobación del puntero de entrada para otros manejadores SMI). Así, el atacante podría elevar los privilegios del anillo 0 al anillo -2 y ejecutar código arbitrario en SMM

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-04-08 CVE Reserved
2022-05-04 CVE Published
2024-07-26 EPSS Updated
2024-08-03 CVE Updated
2024-08-03 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-787: Out-of-bounds Write

CAPEC

References (4)

URL	Tag	Source
https://kb.cert.org/vuls/id/796611	Third Party Advisory

URL	Date	SRC
https://www.binarly.io/advisories	2024-08-03

URL	Date	SRC

URL	Date	SRC
http://www.fmworld.net/biz/common/insyde/20220210	2022-05-18
https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-FCCL-IS-2021-090903-Security-Advisory.asp	2022-05-18

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Fujitsu Search vendor "Fujitsu"	Lifebook A3510 Firmware Search vendor "Fujitsu" for product "Lifebook A3510 Firmware"	< 1.09 Search vendor "Fujitsu" for product "Lifebook A3510 Firmware" and version " < 1.09"	-	Affected	in	Fujitsu Search vendor "Fujitsu"	Lifebook A3510 Search vendor "Fujitsu" for product "Lifebook A3510"	-	-	Safe
Fujitsu Search vendor "Fujitsu"	Lifebook U9310 Firmware Search vendor "Fujitsu" for product "Lifebook U9310 Firmware"	< 2.17 Search vendor "Fujitsu" for product "Lifebook U9310 Firmware" and version " < 2.17"	-	Affected	in	Fujitsu Search vendor "Fujitsu"	Lifebook U9310 Search vendor "Fujitsu" for product "Lifebook U9310"	-	-	Safe
Fujitsu Search vendor "Fujitsu"	Lifebook U7511 Firmware Search vendor "Fujitsu" for product "Lifebook U7511 Firmware"	< 2.30 Search vendor "Fujitsu" for product "Lifebook U7511 Firmware" and version " < 2.30"	-	Affected	in	Fujitsu Search vendor "Fujitsu"	Lifebook U7511 Search vendor "Fujitsu" for product "Lifebook U7511"	-	-	Safe
Fujitsu Search vendor "Fujitsu"	Lifebook U7411 Firmware Search vendor "Fujitsu" for product "Lifebook U7411 Firmware"	< 2.30 Search vendor "Fujitsu" for product "Lifebook U7411 Firmware" and version " < 2.30"	-	Affected	in	Fujitsu Search vendor "Fujitsu"	Lifebook U7411 Search vendor "Fujitsu" for product "Lifebook U7411"	-	-	Safe
Fujitsu Search vendor "Fujitsu"	Lifebook U7311 Firmware Search vendor "Fujitsu" for product "Lifebook U7311 Firmware"	< 2.30 Search vendor "Fujitsu" for product "Lifebook U7311 Firmware" and version " < 2.30"	-	Affected	in	Fujitsu Search vendor "Fujitsu"	Lifebook U7311 Search vendor "Fujitsu" for product "Lifebook U7311"	-	-	Safe
Fujitsu Search vendor "Fujitsu"	Lifebook U9311 Firmware Search vendor "Fujitsu" for product "Lifebook U9311 Firmware"	<= 2.33 Search vendor "Fujitsu" for product "Lifebook U9311 Firmware" and version " <= 2.33"	-	Affected	in	Fujitsu Search vendor "Fujitsu"	Lifebook U9311 Search vendor "Fujitsu" for product "Lifebook U9311"	-	-	Safe
Fujitsu Search vendor "Fujitsu"	Lifebook E5510 Firmware Search vendor "Fujitsu" for product "Lifebook E5510 Firmware"	< 2.23 Search vendor "Fujitsu" for product "Lifebook E5510 Firmware" and version " < 2.23"	-	Affected	in	Fujitsu Search vendor "Fujitsu"	Lifebook E5510 Search vendor "Fujitsu" for product "Lifebook E5510"	-	-	Safe
Fujitsu Search vendor "Fujitsu"	Lifebook U7510 Firmware Search vendor "Fujitsu" for product "Lifebook U7510 Firmware"	< 2.19 Search vendor "Fujitsu" for product "Lifebook U7510 Firmware" and version " < 2.19"	-	Affected	in	Fujitsu Search vendor "Fujitsu"	Lifebook U7510 Search vendor "Fujitsu" for product "Lifebook U7510"	-	-	Safe
Fujitsu Search vendor "Fujitsu"	Lifebook U7410 Firmware Search vendor "Fujitsu" for product "Lifebook U7410 Firmware"	< 2.19 Search vendor "Fujitsu" for product "Lifebook U7410 Firmware" and version " < 2.19"	-	Affected	in	Fujitsu Search vendor "Fujitsu"	Lifebook U7410 Search vendor "Fujitsu" for product "Lifebook U7410"	-	-	Safe
Fujitsu Search vendor "Fujitsu"	Lifebook U7310 Firmware Search vendor "Fujitsu" for product "Lifebook U7310 Firmware"	< 2.13 Search vendor "Fujitsu" for product "Lifebook U7310 Firmware" and version " < 2.13"	-	Affected	in	Fujitsu Search vendor "Fujitsu"	Lifebook U7310 Search vendor "Fujitsu" for product "Lifebook U7310"	-	-	Safe
Fujitsu Search vendor "Fujitsu"	Lifebook E459 Firmware Search vendor "Fujitsu" for product "Lifebook E459 Firmware"	< 1.09 Search vendor "Fujitsu" for product "Lifebook E459 Firmware" and version " < 1.09"	-	Affected	in	Fujitsu Search vendor "Fujitsu"	Lifebook E459 Search vendor "Fujitsu" for product "Lifebook E459"	-	-	Safe
Fujitsu Search vendor "Fujitsu"	Lifebook E449 Firmware Search vendor "Fujitsu" for product "Lifebook E449 Firmware"	< 1.09 Search vendor "Fujitsu" for product "Lifebook E449 Firmware" and version " < 1.09"	-	Affected	in	Fujitsu Search vendor "Fujitsu"	Lifebook E449 Search vendor "Fujitsu" for product "Lifebook E449"	-	-	Safe