7.8

CVE-2022-28806

Exploit

An issue was discovered on certain Fujitsu LIEFBOOK devices (A3510, U9310, U7511/U7411/U7311, U9311, E5510/E5410, U7510/U7410/U7310, E459/E449) with BIOS versions before v1.09 (A3510), v2.17 (U9310), v2.30 (U7511/U7411/U7311), v2.33 (U9311), v2.23 (E5510), v2.19 (U7510/U7410), v2.13 (U7310), and v1.09 (E459/E449). The FjGabiFlashCoreAbstractionSmm driver registers a Software System Management Interrupt (SWSMI) handler that is not sufficiently validated to ensure that the CommBuffer (or any other communication buffer's nested contents) are not pointing to SMRAM contents. A potential attacker can therefore write fixed data to SMRAM, which could lead to data corruption inside this memory (e.g., change the SMI handler's code or modify SMRAM map structures to break input pointer validation for other SMI handlers). Thus, the attacker could elevate privileges from ring 0 to ring -2 and execute arbitrary code in SMM.

Data is provided by the National Vulnerability Database (NVD)
FujitsuLifebook A3510 Firmware Version < 1.09
   FujitsuLifebook A3510 Version-
FujitsuLifebook U9310 Firmware Version < 2.17
   FujitsuLifebook U9310 Version-
FujitsuLifebook U7511 Firmware Version < 2.30
   FujitsuLifebook U7511 Version-
FujitsuLifebook U7411 Firmware Version < 2.30
   FujitsuLifebook U7411 Version-
FujitsuLifebook U7311 Firmware Version < 2.30
   FujitsuLifebook U7311 Version-
FujitsuLifebook U9311 Firmware Version <= 2.33
   FujitsuLifebook U9311 Version-
FujitsuLifebook E5510 Firmware Version < 2.23
   FujitsuLifebook E5510 Version-
FujitsuLifebook U7510 Firmware Version < 2.19
   FujitsuLifebook U7510 Version-
FujitsuLifebook U7410 Firmware Version < 2.19
   FujitsuLifebook U7410 Version-
FujitsuLifebook U7310 Firmware Version < 2.13
   FujitsuLifebook U7310 Version-
FujitsuLifebook E459 Firmware Version < 1.09
   FujitsuLifebook E459 Version-
FujitsuLifebook E449 Firmware Version < 1.09
   FujitsuLifebook E449 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.11% 0.302
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://kb.cert.org/vuls/id/796611
Third Party Advisory
US Government Resource
https://www.binarly.io/advisories
Third Party Advisory
Exploit