JVNVU#96854657
Out-of-bounds write vulnerability in Fujitsu BIOS Driver (fbiosdrv.sys)
Overview
Fujitsu BIOS Driver (fbiosdrv.sys) provided by Fujitsu Limited contains an out-of-bounds write vulnerability.
Products Affected
- The following devices with Fujitsu BIOS Driver (fbiosdrv.sys) versions prior to v2.5.0.0
  - Fujitsu ESPRIMO
  - FUTRO
  - CELSIUS
  - LIFEBOOK
  - STYLISTIC
  - ARROWS Tab
Description
Fujitsu BIOS Driver (fbiosdrv.sys) provided by Fujitsu Limited contains the following vulnerability.
- Out-of-bounds Write (CWE-787)
  - CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H Base Score 9.3
  - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H Base Score 8.2
  - CVE-2025-65001
Impact
Receiving a specially crafted request created and sent by a remote authenticated attacker with administrative privileges may lead to arbitrary code execution and/or a denial-of-service (DoS) condition.
Solution
Update the firmware
Update the firmware to the latest version according to the information provided by the developer.
The developer has released Fujitsu BIOS Driver version v2.5.0.0 or later, which addresses the vulnerability.
The firmware update will be automatically applied when the devices are connected to the internet.
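To confirm that the automatic update has reached a given device, the following added example (not code from Fujitsu Limited or JPCERT/CC) lists every copy of fbiosdrv.sys it can find and compares its file version with the fixed version v2.5.0.0. The search locations and the assumption that the file's version resource matches the driver version quoted in this advisory are assumptions of the example; it needs PowerShell 5 or later.

```powershell
# Added example: report whether fbiosdrv.sys on this host predates the fixed version.
# Assumption: the file version resource equals the driver version in the advisory.
$FixedVersion = [version]'2.5.0.0'   # fixed version stated in the advisory
$DriverFile   = 'fbiosdrv.sys'

function Get-FileVersion([string]$Path) {
    # Build the version from the numeric parts; the FileVersion string may carry extra text.
    $vi = (Get-Item -LiteralPath $Path).VersionInfo
    [version]::new($vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart)
}

# 1) Kernel drivers registered as services, whether currently loaded or not.
$paths = @(Get-CimInstance Win32_SystemDriver |
    Where-Object { $_.PathName -like "*\$DriverFile" } |
    ForEach-Object { $_.PathName -replace '^\\\?\?\\', '' })   # strip a leading \??\ prefix

# 2) Copies on disk in the usual driver directories (assumed locations).
$roots = "$env:SystemRoot\System32\drivers",
         "$env:SystemRoot\System32\DriverStore\FileRepository"
$paths += @(Get-ChildItem -Path $roots -Filter $DriverFile -Recurse -File -ErrorAction SilentlyContinue |
    ForEach-Object FullName)

$results = $paths | Sort-Object -Unique |
    Where-Object { Test-Path -LiteralPath $_ } |
    ForEach-Object {
        $v = Get-FileVersion $_
        [pscustomobject]@{
            Path        = $_
            FileVersion = $v
            Status      = if ($v -lt $FixedVersion) { 'older than 2.5.0.0 (affected)' } else { 'fixed' }
        }
    }

if ($results) { $results | Format-Table -AutoSize }
else { "No copy of $DriverFile found on this host." }
```

A copy reported only under DriverStore is a staged package rather than the running driver, but an old staged copy can be reinstalled later, so it is worth listing as well.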
Vendor Status
| Vendor | Status | Last Update | Vendor Notes |
|---|---|---|---|
| Fujitsu Limited | Vulnerable | 2026/02/27 | Fujitsu Limited website |
Credit
Fujitsu Limited reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.