An attacker with local privileged access can exploit this vulnerability to read the contents of physical memory and use this information to exploit other vulnerabilities in DXE. Malicious code installed as a result of exploiting the vulnerability in a DXE driver could survive across the operating system (OS) boot process and runtime, or modify the NVRAM area on SPI flash storage (to gain persistence on the target platform). Additionally, threat actors could potentially use this vulnerability to bypass OS security mechanisms (modify privileged memory or runtime variables), influence the OS boot process, and in some cases hook or modify EFI Runtime Services.
This vulnerability was detected by the Deep Vulnerability Analysis (DVA) component from the Binarly Platform.
The Binarly REsearch Team has discovered an SMM memory corruption vulnerability in a Fujitsu device allowing a potential attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to privilege escalation to SMM.
Device name | Unpacked firmware SHA256 | Firmware version | IBV | Module name | Module GUID | Module SHA256 | Module kind |
---|---|---|---|---|---|---|---|
STYLISTIC Q739 | fc7721316290cc58a177d8fd530215652609528d5afc3eed9a29282a5e5509d6 | 2.18 | Insyde | StorageSecurityCommandDxe | 70d57d67-7f05-494d-a014-b75d7345b700 | c93e4b4e5962d689a0e8c075f2ee5c21e6f3ae1a7438f65645ed16cac12d26c3 | CombinedSmmDxe |
LIFEBOOK A3510 | 9c9c6b24f4cafc078e00a46b4ee4ecb4f4eba5d8d04b8b77e41da6862ea9cbc0 | 1.13 | Insyde | StorageSecurityCommandDxe | 70d57d67-7f05-494d-a014-b75d7345b700 | 79deccfc57b4615ddbb7f6e6f4deb044a5419eeab731e84b66544be6ac5f6bd4 | CombinedSmmDxe |
STYLISTIC Q738 | 4f91b0aefd3cfd44d839c2a4bec6cb96e642d220df43542fe93bd79888ba3deb | 1.18 | Insyde | StorageSecurityCommandDxe | 70d57d67-7f05-494d-a014-b75d7345b700 | 901eda690697d617b60e7fcae40857a99b04d056b7106200b7f08b74aaa5bcd3 | CombinedSmmDxe |
LIFEBOOK P728 | 0a1f9bb3f9fc27dfbce3ddd80538488113bc335ba549dadea33c3f99fd0c2e23 | 1.22 | Insyde | StorageSecurityCommandDxe | 70d57d67-7f05-494d-a014-b75d7345b700 | 901eda690697d617b60e7fcae40857a99b04d056b7106200b7f08b74aaa5bcd3 | CombinedSmmDxe |
LIFEBOOK U758 | 51c8f4b3ffb9c3b77c9bbb4eb6d0f873ef23d6bf51a1aa29e47e56cb45ebc1ff | 1.27 | Insyde | StorageSecurityCommandDxe | 70d57d67-7f05-494d-a014-b75d7345b700 | b6ca91f46a20784bdfb801db3399ee2c8ec545f724f19aa2828608c19501dd69 | CombinedSmmDxe |
LIFEBOOK U747 6th Gen | df6a8316a6ed5faa82b29e9adc536c8690c25bfa0d919b1cccd21f7acd5e145a | 1.21 | Insyde | StorageSecurityCommandDxe | 70d57d67-7f05-494d-a014-b75d7345b700 | 901eda690697d617b60e7fcae40857a99b04d056b7106200b7f08b74aaa5bcd3 | CombinedSmmDxe |
LIFEBOOK U937 | 120c3697d39e682909ea5158936034db331070054478677e97ac47a35a8042a1 | 1.26 | Insyde | StorageSecurityCommandDxe | 70d57d67-7f05-494d-a014-b75d7345b700 | 901eda690697d617b60e7fcae40857a99b04d056b7106200b7f08b74aaa5bcd3 | CombinedSmmDxe |
LIFEBOOK T938 | 5cebe3bbe58f12cd8463ab158779fd234866577b3caa0986ba08d30db44fbb20 | 1.21 | Insyde | StorageSecurityCommandDxe | 70d57d67-7f05-494d-a014-b75d7345b700 | 901eda690697d617b60e7fcae40857a99b04d056b7106200b7f08b74aaa5bcd3 | CombinedSmmDxe |
LIFEBOOK P727 | 742561424f3c97f23758a71e66547e6b75197fc651fd42d0cac16b4916cd2946 | 1.26 | Insyde | StorageSecurityCommandDxe | 70d57d67-7f05-494d-a014-b75d7345b700 | 901eda690697d617b60e7fcae40857a99b04d056b7106200b7f08b74aaa5bcd3 | CombinedSmmDxe |
LIFEBOOK T937 | f6d59010a9d79bfbe25dede2eb5b8dd4303f9ff8dd1ec74c5384a4b488bf66b3 | 1.27 | Insyde | StorageSecurityCommandDxe | 70d57d67-7f05-494d-a014-b75d7345b700 | 901eda690697d617b60e7fcae40857a99b04d056b7106200b7f08b74aaa5bcd3 | CombinedSmmDxe |
LIFEBOOK U747 | bd1e9d7f4fbcd6ce428a7626cfc156367dc4853606eab4a671bb56ff769eea34 | 1.31 | Insyde | StorageSecurityCommandDxe | 70d57d67-7f05-494d-a014-b75d7345b700 | b6ca91f46a20784bdfb801db3399ee2c8ec545f724f19aa2828608c19501dd69 | CombinedSmmDxe |
LIFEBOOK S937 | 3a15b1495893966ac363c59b40d1e292f1d7baca7aedcd62dd4a520a3951e44a | 1.21 | Insyde | StorageSecurityCommandDxe | 70d57d67-7f05-494d-a014-b75d7345b700 | 901eda690697d617b60e7fcae40857a99b04d056b7106200b7f08b74aaa5bcd3 | CombinedSmmDxe |
LIFEBOOK U939 (BLACK, RED) | a4a0d485c8bf3ab7f841543a4b4eb8d1a0fab3acd18a9364ac682cb3b354ee8a | 2.2 | Insyde | StorageSecurityCommandDxe | 70d57d67-7f05-494d-a014-b75d7345b700 | c93e4b4e5962d689a0e8c075f2ee5c21e6f3ae1a7438f65645ed16cac12d26c3 | CombinedSmmDxe |
CELSIUS H7510 | 105afe7aa90d14ecf48c61d1b60ca2657bac0d15d5cafc64aee3051db8c869db | 1.13 | Insyde | StorageSecurityCommandDxe | 70d57d67-7f05-494d-a014-b75d7345b700 | 79deccfc57b4615ddbb7f6e6f4deb044a5419eeab731e84b66544be6ac5f6bd4 | CombinedSmmDxe |
CELSIUS H770 | af200fcf1fa19a065c86c2ee1808d67a1de3dba3e566f388925f441ad1c25a0b | 1.26 | Insyde | StorageSecurityCommandDxe | 70d57d67-7f05-494d-a014-b75d7345b700 | 901eda690697d617b60e7fcae40857a99b04d056b7106200b7f08b74aaa5bcd3 | CombinedSmmDxe |
LIFEBOOK E547 | ec6a61357892d9ad6cecf6565947fe36215b87ee0907aa396fc57ca4c3967e37 | 1.22 | Insyde | StorageSecurityCommandDxe | 70d57d67-7f05-494d-a014-b75d7345b700 | 901eda690697d617b60e7fcae40857a99b04d056b7106200b7f08b74aaa5bcd3 | CombinedSmmDxe |
STYLISTIC V727 | b6cd4a6459cb5c5598e83b4000d25decef379657e067520d0db545af0bbd6dfe | 1.26 | Insyde | StorageSecurityCommandDxe | 70d57d67-7f05-494d-a014-b75d7345b700 | 901eda690697d617b60e7fcae40857a99b04d056b7106200b7f08b74aaa5bcd3 | CombinedSmmDxe |
LIFEBOOK U939X (BLACK, RED) | f32195a473344f1f61ca942966bb90bab48204d9c159fdd26e0463bbcb2b6b4f | 2.23 | Insyde | StorageSecurityCommandDxe | 70d57d67-7f05-494d-a014-b75d7345b700 | c93e4b4e5962d689a0e8c075f2ee5c21e6f3ae1a7438f65645ed16cac12d26c3 | CombinedSmmDxe |
LIFEBOOK E458 | 3fdade3dad6e8b360b167bfab6809668e978201bdecf669981f0b2cf94b75153 | 1.24 | Insyde | StorageSecurityCommandDxe | 70d57d67-7f05-494d-a014-b75d7345b700 | 901eda690697d617b60e7fcae40857a99b04d056b7106200b7f08b74aaa5bcd3 | CombinedSmmDxe |
LIFEBOOK T939 | 2031ebddf840f721a6054142a1b26d39fb66f6ea1f07c7848eaab17e46c2b4a1 | 2.17 | Insyde | StorageSecurityCommandDxe | 70d57d67-7f05-494d-a014-b75d7345b700 | c93e4b4e5962d689a0e8c075f2ee5c21e6f3ae1a7438f65645ed16cac12d26c3 | CombinedSmmDxe |
LIFEBOOK U749 | 034e8072b13718fdd5975b90ff8af0ed83a3ed75cb57d5f0e551d8594225d7c6 | 2.27 | Insyde | StorageSecurityCommandDxe | 70d57d67-7f05-494d-a014-b75d7345b700 | c93e4b4e5962d689a0e8c075f2ee5c21e6f3ae1a7438f65645ed16cac12d26c3 | CombinedSmmDxe |
LIFEBOOK E559 | d1bcd6291c4de1033fd46330d73c5dfe8a9a988a36d548ff00aed75ab075d6c4 | 2.22 | Insyde | StorageSecurityCommandDxe | 70d57d67-7f05-494d-a014-b75d7345b700 | c93e4b4e5962d689a0e8c075f2ee5c21e6f3ae1a7438f65645ed16cac12d26c3 | CombinedSmmDxe |
LIFEBOOK E449 | 7794a7d2beb3573a4267c3bfd6180f395042d1eecd3e56cfb0f59ffa3201fa65 | 1.12 | Insyde | StorageSecurityCommandDxe | 70d57d67-7f05-494d-a014-b75d7345b700 | 901eda690697d617b60e7fcae40857a99b04d056b7106200b7f08b74aaa5bcd3 | CombinedSmmDxe |
LIFEBOOK U728 | 70be8159c33280abd6a47b3e4c54e73853d35bf1f30396fad3569f0b32a72885 | 1.28 | Insyde | StorageSecurityCommandDxe | 70d57d67-7f05-494d-a014-b75d7345b700 | 901eda690697d617b60e7fcae40857a99b04d056b7106200b7f08b74aaa5bcd3 | CombinedSmmDxe |
LIFEBOOK E557 vPro | 5a0f060b8fe3eb88b05707e486dc4b01d5365df4a37a59ccff61bdf2727b44f7 | 1.26 | Insyde | StorageSecurityCommandDxe | 70d57d67-7f05-494d-a014-b75d7345b700 | 901eda690697d617b60e7fcae40857a99b04d056b7106200b7f08b74aaa5bcd3 | CombinedSmmDxe |
LIFEBOOK A3511 | 4eb7a6577974e0a7527bb762906602387b2f2e10d530cb3e9a664a624ac22b8a | 1.11 | Insyde | StorageSecurityCommandDxe | 70d57d67-7f05-494d-a014-b75d7345b700 | 6de60437bd9dba4327515e5362aa9957adf0d578ef30050ea1ec261d526419c6 | CombinedSmmDxe |
LIFEBOOK S938 | 80add3e6396559f8819af060c6e29826c877e386948a09d4412202c9607bcb65 | 1.22 | Insyde | StorageSecurityCommandDxe | 70d57d67-7f05-494d-a014-b75d7345b700 | 901eda690697d617b60e7fcae40857a99b04d056b7106200b7f08b74aaa5bcd3 | CombinedSmmDxe |
LIFEBOOK U727 | a1f89866b257767599ee7ac9e5983e1661689d25f2b8da0646553bd3f5c5c14b | 1.32 | Insyde | StorageSecurityCommandDxe | 70d57d67-7f05-494d-a014-b75d7345b700 | 901eda690697d617b60e7fcae40857a99b04d056b7106200b7f08b74aaa5bcd3 | CombinedSmmDxe |
LIFEBOOK U938 | edc048167fa29fc64738219dbcdb243264e95f1c42f391a0454ad2c66f0a9ee5 | 1.29 | Insyde | StorageSecurityCommandDxe | 70d57d67-7f05-494d-a014-b75d7345b700 | 901eda690697d617b60e7fcae40857a99b04d056b7106200b7f08b74aaa5bcd3 | CombinedSmmDxe |
LIFEBOOK E548 | 55689016cfe7ea6221d1849648db43c6ceb4962bb4f6853e72d76b50915e7d14 | 1.25 | Insyde | StorageSecurityCommandDxe | 70d57d67-7f05-494d-a014-b75d7345b700 | 901eda690697d617b60e7fcae40857a99b04d056b7106200b7f08b74aaa5bcd3 | CombinedSmmDxe |
Disclosure Activity | Date (YYYY-mm-dd) |
---|---|
Fujitsu PSIRT is notified | 2023-12-22 |
Fujitsu PSIRT informed Insyde | 2024-01-22 |
Insyde PSIRT confirmed issue | 2024-01-24 |
Insyde PSIRT provided patch release | 2024-05-13 |
Binarly Public Disclosure Date | 2024-06-17 |
Binarly REsearch Team