Lucene search

GoogleCVELIST:CVE-2021-22556

HistoryMay 03, 2022 - 3:50 p.m.

CVE-2021-22556 Integer Overflow in Fuchsia Kernel

2022-05-0315:50:11

CWE-190

Google

www.cve.org

cve-2021-22556

security team

code execution

memory cache

kernel version 4.1

CVSS3

5.3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N

EPSS

Percentile

14.2%

JSON

The Security Team discovered an integer overflow bug that allows an attacker with code execution to issue memory cache invalidation operations on pages that they don’t own, allowing them to control kernel memory from userspace. We recommend upgrading to kernel version 4.1 or beyond.

CNA Affected

[
  {
    "product": "Fuchsia Kernel",
    "vendor": "Google LLC",
    "versions": [
      {
        "lessThan": "4.1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

fuchsia-review.googlesource.com/c/fuchsia/+/570881

fuchsia.dev/whats-new/release-notes/f4-1

CVSS3

5.3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N

EPSS

Percentile

14.2%

JSON

Related for CVELIST:CVE-2021-22556