CVE-2022-28806

Summary

CVE: CVE-2022-28806
State: PUBLIC
Assigner: [email protected]
Source Priority: CVE Program / NVD first with legacy fallback
Published: 2022-05-04 15:15:00 UTC
Updated: 2022-05-18 13:26:00 UTC
Description: An issue was discovered on certain Fujitsu LIFEBOOK devices (A3510, U9310, U7511/U7411/U7311, U9311, E5510/E5410, U7510/U7410/U7310, E459/E449) with BIOS versions before v1.09 (A3510), v2.17 (U9310), v2.30 (U7511/U7411/U7311), v2.33 (U9311), v2.23 (E5510), v2.19 (U7510/U7410), v2.13 (U7310), and v1.09 (E459/E449). The FjGabiFlashCoreAbstractionSmm driver registers a Software System Management Interrupt (SWSMI) handler that is not sufficiently validated to ensure that the CommBuffer (or any other communication buffer's nested contents) are not pointing to SMRAM contents. A potential attacker can therefore write fixed data to SMRAM, which could lead to data corruption inside this memory (e.g., change the SMI handler's code or modify SMRAM map structures to break input pointer validation for other SMI handlers). Thus, the attacker could elevate privileges from ring 0 to ring -2 and execute arbitrary code in SMM.

Risk And Classification

Problem Types: CWE-787

NVD Known Affected Configurations (CPE 2.3)

Type | Vendor | Product | Version | Update | Edition | Language
Hardware | Fujitsu | Lifebook A3510 | - | All | All | All
Operating System | Fujitsu | Lifebook A3510 Firmware | All | All | All | All
Hardware | Fujitsu | Lifebook E449 | - | All | All | All
Operating System | Fujitsu | Lifebook E449 Firmware | All | All | All | All
Hardware | Fujitsu | Lifebook E459 | - | All | All | All
Operating System | Fujitsu | Lifebook E459 Firmware | All | All | All | All
Hardware | Fujitsu | Lifebook E5510 | - | All | All | All
Operating System | Fujitsu | Lifebook E5510 Firmware | All | All | All | All
Hardware | Fujitsu | Lifebook U7310 | - | All | All | All
Operating System | Fujitsu | Lifebook U7310 Firmware | All | All | All | All
Hardware | Fujitsu | Lifebook U7311 | - | All | All | All
Operating System | Fujitsu | Lifebook U7311 Firmware | All | All | All | All
Hardware | Fujitsu | Lifebook U7410 | - | All | All | All
Operating System | Fujitsu | Lifebook U7410 Firmware | All | All | All | All
Hardware | Fujitsu | Lifebook U7411 | - | All | All | All
Operating System | Fujitsu | Lifebook U7411 Firmware | All | All | All | All
Hardware | Fujitsu | Lifebook U7510 | - | All | All | All
Operating System | Fujitsu | Lifebook U7510 Firmware | All | All | All | All
Hardware | Fujitsu | Lifebook U7511 | - | All | All | All
Operating System | Fujitsu | Lifebook U7511 Firmware | All | All | All | All
Hardware | Fujitsu | Lifebook U9310 | - | All | All | All
Operating System | Fujitsu | Lifebook U9310 Firmware | All | All | All | All
Hardware | Fujitsu | Lifebook U9311 | - | All | All | All
Operating System | Fujitsu | Lifebook U9311 Firmware | All | All | All | All

References

Reference | Source | Link | Tags
Fujitsu Technical Support pages from Fujitsu EMEA | MISC | support.ts.fujitsu.com |
Binarly | AI-Powered Firmware Protection | MISC | www.binarly.io |
VU#796611 - InsydeH2O UEFI software impacted by multiple vulnerabilities in SMM | MISC | kb.cert.org |
Notice of vulnerabilities in Insyde's UEFI (InsydeH2O) (CVE-2021-41837 and others) - FMWORLD (Corporate): Fujitsu | MISC | www.fmworld.net |
CVE Program record | CVE.ORG | www.cve.org | canonical
NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis