First published: Wed May 04 2022(Updated: )
An issue was discovered on certain Fujitsu LIEFBOOK devices (A3510, U9310, U7511/U7411/U7311, U9311, E5510/E5410, U7510/U7410/U7310, E459/E449) with BIOS versions before v1.09 (A3510), v2.17 (U9310), v2.30 (U7511/U7411/U7311), v2.33 (U9311), v2.23 (E5510), v2.19 (U7510/U7410), v2.13 (U7310), and v1.09 (E459/E449). The FjGabiFlashCoreAbstractionSmm driver registers a Software System Management Interrupt (SWSMI) handler that is not sufficiently validated to ensure that the CommBuffer (or any other communication buffer's nested contents) are not pointing to SMRAM contents. A potential attacker can therefore write fixed data to SMRAM, which could lead to data corruption inside this memory (e.g., change the SMI handler's code or modify SMRAM map structures to break input pointer validation for other SMI handlers). Thus, the attacker could elevate privileges from ring 0 to ring -2 and execute arbitrary code in SMM.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Fujitsu Lifebook A3510 Firmware | <1.09 | |
Fujitsu Lifebook A3510 | ||
Fujitsu Lifebook U9310 Firmware | <2.17 | |
Fujitsu Lifebook U9310 | ||
Fujitsu Lifebook U7511 Firmware | <2.30 | |
Fujitsu Lifebook U7511 | ||
Fujitsu Lifebook U7411 Firmware | <2.30 | |
Fujitsu Lifebook U7411 | ||
Fujitsu Lifebook U7311 Firmware | <2.30 | |
Fujitsu Lifebook U7311 | ||
Fujitsu Lifebook U9311 Firmware | <=2.33 | |
Fujitsu Lifebook U9311 | ||
Fujitsu Lifebook E5510 Firmware | <2.23 | |
Fujitsu Lifebook E5510 | ||
Fujitsu Lifebook U7510 Firmware | <2.19 | |
Fujitsu Lifebook U7510 | ||
Fujitsu Lifebook U7410 Firmware | <2.19 | |
Fujitsu Lifebook U7410 | ||
Fujitsu Lifebook U7310 Firmware | <2.13 | |
Fujitsu Lifebook U7310 | ||
Fujitsu Lifebook E459 Firmware | <1.09 | |
Fujitsu Lifebook E459 | ||
Fujitsu Lifebook E449 Firmware | <1.09 | |
Fujitsu Lifebook E449 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-28806 is a vulnerability found in certain Fujitsu LIEFBOOK devices with outdated BIOS versions.
Certain Fujitsu LIEFBOOK devices including A3510, U9310, U7511/U7411/U7311, U9311, E5510/E5410, U7510/U7410/U7310, E459/E449 are affected by CVE-2022-28806.
CVE-2022-28806 has a severity rating of 7.8, which is considered high.
You can check if your device is vulnerable to CVE-2022-28806 by verifying the BIOS version against the affected versions mentioned in the vulnerability description.
To fix CVE-2022-28806, you need to update the BIOS of your Fujitsu LIEFBOOK device to the specified versions or later provided by Fujitsu.