CVE-2022-28806

{"id": "CVE-2022-28806", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2022-05-04T15:15:13.083", "references": [{"url": "http://www.fmworld.net/biz/common/insyde/20220210/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://kb.cert.org/vuls/id/796611", "tags": ["Third Party Advisory", "US Government Resource"], "source": "cve@mitre.org"}, {"url": "https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-FCCL-IS-2021-090903-Security-Advisory.asp", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.binarly.io/advisories", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered on certain Fujitsu LIEFBOOK devices (A3510, U9310, U7511/U7411/U7311, U9311, E5510/E5410, U7510/U7410/U7310, E459/E449) with BIOS versions before v1.09 (A3510), v2.17 (U9310), v2.30 (U7511/U7411/U7311), v2.33 (U9311), v2.23 (E5510), v2.19 (U7510/U7410), v2.13 (U7310), and v1.09 (E459/E449). The FjGabiFlashCoreAbstractionSmm driver registers a Software System Management Interrupt (SWSMI) handler that is not sufficiently validated to ensure that the CommBuffer (or any other communication buffer's nested contents) are not pointing to SMRAM contents. A potential attacker can therefore write fixed data to SMRAM, which could lead to data corruption inside this memory (e.g., change the SMI handler's code or modify SMRAM map structures to break input pointer validation for other SMI handlers). Thus, the attacker could elevate privileges from ring 0 to ring -2 and execute arbitrary code in SMM."}, {"lang": "es", "value": "Se ha detectado un problema en determinados dispositivos Fujitsu LIEFBOOK (A3510, U9310, U7511/U7411/U7311, U9311, E5510/E5410, U7510/U7410/U7310, E459/E449) con versiones de BIOS anteriores a v1. 09 (A3510), v2.17 (U9310), v2.30 (U7511/U7411/U7311), v2.33 (U9311), v2.23 (E5510), v2.19 (U7510/U7410), v2.13 (U7310) y v1.09 (E459/E449). El controlador FjGabiFlashCoreAbstractionSmm registra un administrador de interrupciones del sistema de software (SWSMI) que no est\u00e1 suficientemente comprobado para garantizar que el CommBuffer (o cualquier otro contenido anidado del b\u00fafer de comunicaci\u00f3n) no apunte al contenido de la SMRAM. Por lo tanto, un atacante potencial puede escribir datos fijos en la SMRAM, lo que podr\u00eda conllevar a una corrupci\u00f3n de datos dentro de esta memoria (por ejemplo, cambiar el c\u00f3digo del manejador SMI o modificar las estructuras del mapa de la SMRAM para romper la comprobaci\u00f3n del puntero de entrada para otros manejadores SMI). As\u00ed, el atacante podr\u00eda elevar los privilegios del anillo 0 al anillo -2 y ejecutar c\u00f3digo arbitrario en SMM"}], "lastModified": "2022-05-18T13:26:13.097", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fujitsu:lifebook_a3510_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7D096965-BEEB-4765-936A-76C0205F7A87", "versionEndExcluding": "1.09"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:fujitsu:lifebook_a3510:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E350519E-9115-4D02-9A3F-279E44DCADB1"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fujitsu:lifebook_u9310_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5D3C820F-9E6B-44EF-B58F-4C536E890850", "versionEndExcluding": "2.17"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:fujitsu:lifebook_u9310:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D35E7F86-B70C-4302-AA7A-515AAAB86CE6"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fujitsu:lifebook_u7511_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EC993E4D-97AC-41FD-818B-B8832DD7C4E7", "versionEndExcluding": "2.30"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:fujitsu:lifebook_u7511:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2159F29A-0476-4FA7-A07F-9CE3AE33E47D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fujitsu:lifebook_u7411_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "99274445-0E1E-4A58-9528-F636946B648F", "versionEndExcluding": "2.30"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:fujitsu:lifebook_u7411:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2A32407A-912C-4784-954F-A85F73110212"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fujitsu:lifebook_u7311_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "897A232F-8958-41A6-917D-02F901540289", "versionEndExcluding": "2.30"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:fujitsu:lifebook_u7311:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9584201E-5DE4-4681-90A6-589F5EE117D3"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fujitsu:lifebook_u9311_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0EDC0F4E-9A7C-4F2B-A34B-603EF460CC70", "versionEndIncluding": "2.33"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:fujitsu:lifebook_u9311:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BA8985F9-8E4E-42DE-A9A1-CAEEAC4B17BD"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fujitsu:lifebook_e5510_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D27DBACF-7E52-46D1-94A2-FD5041310888", "versionEndExcluding": "2.23"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:fujitsu:lifebook_e5510:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FDE4F1F0-2223-4CFB-9219-20B63CF9BE1D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fujitsu:lifebook_u7510_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "41388C68-4EB9-4E5E-8F61-F4826609C6BB", "versionEndExcluding": "2.19"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:fujitsu:lifebook_u7510:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1A584B2A-F13D-4A11-A7C1-4497C8239F73"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fujitsu:lifebook_u7410_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "605C3126-9A9F-446E-88C6-BCD21B0A1247", "versionEndExcluding": "2.19"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:fujitsu:lifebook_u7410:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "97EFBF8D-46E1-4E35-A391-862993FF1345"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fujitsu:lifebook_u7310_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E4AB1A5A-E22F-4912-8479-89384E204AE0", "versionEndExcluding": "2.13"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:fujitsu:lifebook_u7310:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "71967660-6F2B-4BAA-9206-F19679C060FD"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fujitsu:lifebook_e459_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "21DEA6EC-7312-41DA-8B8F-06DF92318183", "versionEndExcluding": "1.09"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:fujitsu:lifebook_e459:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EB67EF37-09DF-44F7-A59D-C6EA8BAA1DDB"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fujitsu:lifebook_e449_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49CF53D0-A2F0-4FFC-AB1F-A8DCE0DA367A", "versionEndExcluding": "1.09"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:fujitsu:lifebook_e449:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6AA9D37D-FFE8-42FE-A574-F183B72DD10F"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}