CVE-2022-28806

HIGH

Fujitsu LIFEBOOK Firmware - Out-of-bounds Write via SWSMI Handler

Title source: llm
STIX 2.1

Description

An issue was discovered on certain Fujitsu LIEFBOOK devices (A3510, U9310, U7511/U7411/U7311, U9311, E5510/E5410, U7510/U7410/U7310, E459/E449) with BIOS versions before v1.09 (A3510), v2.17 (U9310), v2.30 (U7511/U7411/U7311), v2.33 (U9311), v2.23 (E5510), v2.19 (U7510/U7410), v2.13 (U7310), and v1.09 (E459/E449). The FjGabiFlashCoreAbstractionSmm driver registers a Software System Management Interrupt (SWSMI) handler that is not sufficiently validated to ensure that the CommBuffer (or any other communication buffer's nested contents) are not pointing to SMRAM contents. A potential attacker can therefore write fixed data to SMRAM, which could lead to data corruption inside this memory (e.g., change the SMI handler's code or modify SMRAM map structures to break input pointer validation for other SMI handlers). Thus, the attacker could elevate privileges from ring 0 to ring -2 and execute arbitrary code in SMM.

References (5)

Core 5
Core References
Exploit, Third Party Advisory x_refsource_misc
https://www.binarly.io/advisories
Third Party Advisory, US Government Resource x_refsource_misc
https://kb.cert.org/vuls/id/796611
Vendor Advisory x_refsource_misc
http://www.fmworld.net/biz/common/insyde/20220210/
Third Party Advisory, US Government Resource
https://www.kb.cert.org/vuls/id/796611

Scores

CVSS v3 7.8
EPSS 0.0045
EPSS Percentile 36.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (12)
fujitsu/lifebook_a3510_firmware < 1.09
fujitsu/lifebook_e449_firmware < 1.09
fujitsu/lifebook_e459_firmware < 1.09
fujitsu/lifebook_e5510_firmware < 2.23
fujitsu/lifebook_u7310_firmware < 2.13
fujitsu/lifebook_u7311_firmware < 2.30
fujitsu/lifebook_u7410_firmware < 2.19
fujitsu/lifebook_u7411_firmware < 2.30
fujitsu/lifebook_u7510_firmware < 2.19
fujitsu/lifebook_u7511_firmware < 2.30
... and 2 more
Published May 04, 2022
Tracked Since Feb 18, 2026