Lucene search

GoogleCVELIST:CVE-2022-0247

HistoryFeb 25, 2022 - 11:10 a.m.

CVE-2022-0247 Write access to VMO data through copy-on-write in Fuchsia

2022-02-2511:10:09

CWE-732

Google

www.cve.org

cve-2022-0247

fuchsia

vmo data

CVSS3

7.5

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N

EPSS

Percentile

5.1%

JSON

An issue exists in Fuchsia where VMO data can be modified through access to copy-on-write snapshots. A local attacker could modify objects in the VMO that they do not have permission to. We recommend upgrading past commit d97c05d2301799ed585620a9c5c739d36e7b5d3d or any of the listed versions.

CNA Affected

[
  {
    "product": "Fuchsia",
    "vendor": "Google LLC",
    "versions": [
      {
        "lessThan": "4.1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

fuchsia.googlesource.com/fuchsia/+/d97c05d2301799ed585620a9c5c739d36e7b5d3d

CVSS3

7.5

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N

EPSS

Percentile

5.1%

JSON

Related for CVELIST:CVE-2022-0247