CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-28806

An issue was discovered on certain Fujitsu LIEFBOOK devices (A3510, U9310, U7511/U7411/U7311, U9311, E5510/E5410, U7510/U7410/U7310, E459/E449) with BIOS versions before v1.09 (A3510), v2.17 (U9310), v2.30 (U7511/U7411/U7311), v2.33 (U9311), v2.23 (E5510), v2.19 (U7510/U7410), v2.13 (U7310), and v1.09 (E459/E449). The FjGabiFlashCoreAbstractionSmm driver registers a Software System Management Interrupt (SWSMI) handler that is not sufficiently validated to ensure that the CommBuffer (or any other communication buffer's nested contents) are not pointing to SMRAM contents. A potential attacker can therefore write fixed data to SMRAM, which could lead to data corruption inside this memory (e.g., change the SMI handler's code or modify SMRAM map structures to break input pointer validation for other SMI handlers). Thus, the attacker could elevate privileges from ring 0 to ring -2 and execute arbitrary code in SMM.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 61.3%

CVSS Severity

CVSS v3 Score 7.8

CVSS v2 Score 7.2

References

Products affected by CVE-2022-28806

Fujitsu » Lifebook A3510 » Version: N/A

cpe:2.3:h:fujitsu:lifebook_a3510:-
Fujitsu » Lifebook E449 » Version: N/A

cpe:2.3:h:fujitsu:lifebook_e449:-
Fujitsu » Lifebook E459 » Version: N/A

cpe:2.3:h:fujitsu:lifebook_e459:-
Fujitsu » Lifebook E5510 » Version: N/A

cpe:2.3:h:fujitsu:lifebook_e5510:-
Fujitsu » Lifebook U7310 » Version: N/A

cpe:2.3:h:fujitsu:lifebook_u7310:-
Fujitsu » Lifebook U7311 » Version: N/A

cpe:2.3:h:fujitsu:lifebook_u7311:-
Fujitsu » Lifebook U7410 » Version: N/A

cpe:2.3:h:fujitsu:lifebook_u7410:-
Fujitsu » Lifebook U7411 » Version: N/A

cpe:2.3:h:fujitsu:lifebook_u7411:-
Fujitsu » Lifebook U7510 » Version: N/A

cpe:2.3:h:fujitsu:lifebook_u7510:-
Fujitsu » Lifebook U7511 » Version: N/A

cpe:2.3:h:fujitsu:lifebook_u7511:-
Fujitsu » Lifebook U9310 » Version: N/A

cpe:2.3:h:fujitsu:lifebook_u9310:-
Fujitsu » Lifebook U9311 » Version: N/A

cpe:2.3:h:fujitsu:lifebook_u9311:-
Fujitsu » Lifebook A3510 Firmware » Version: N/A

cpe:2.3:o:fujitsu:lifebook_a3510_firmware:-
Fujitsu » Lifebook E449 Firmware » Version: N/A

cpe:2.3:o:fujitsu:lifebook_e449_firmware:-
Fujitsu » Lifebook E459 Firmware » Version: N/A

cpe:2.3:o:fujitsu:lifebook_e459_firmware:-
Fujitsu » Lifebook E5510 Firmware » Version: N/A

cpe:2.3:o:fujitsu:lifebook_e5510_firmware:-
Fujitsu » Lifebook U7310 Firmware » Version: N/A

cpe:2.3:o:fujitsu:lifebook_u7310_firmware:-
Fujitsu » Lifebook U7311 Firmware » Version: N/A

cpe:2.3:o:fujitsu:lifebook_u7311_firmware:-
Fujitsu » Lifebook U7410 Firmware » Version: N/A

cpe:2.3:o:fujitsu:lifebook_u7410_firmware:-
Fujitsu » Lifebook U7411 Firmware » Version: N/A

cpe:2.3:o:fujitsu:lifebook_u7411_firmware:-
Fujitsu » Lifebook U7510 Firmware » Version: N/A

cpe:2.3:o:fujitsu:lifebook_u7510_firmware:-
Fujitsu » Lifebook U7511 Firmware » Version: N/A

cpe:2.3:o:fujitsu:lifebook_u7511_firmware:-
Fujitsu » Lifebook U9310 Firmware » Version: N/A

cpe:2.3:o:fujitsu:lifebook_u9310_firmware:-
Fujitsu » Lifebook U9311 Firmware » Version: N/A

cpe:2.3:o:fujitsu:lifebook_u9311_firmware:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-28806

Products

Pricing

Contact Us