Lucene search

GoogleCVELIST:CVE-2022-0882

HistoryMay 03, 2022 - 3:50 p.m.

CVE-2022-0882 Illegal access to Kernel log in Fuchsia

2022-05-0315:50:13

CWE-200

Google

www.cve.org

cve-2022-0882; illegal access; kernel log; fuchsia; bug; reading; zircon kernel addresses; zx_rsrc_kind_root; upgrade; 4.1.1 or greater

CVSS3

5.3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N

AI Score

5.6

Confidence

High

EPSS

0.001

Percentile

17.8%

JSON

A bug exists where an attacker can read the kernel log through exposed Zircon kernel addresses without the required capability ZX_RSRC_KIND_ROOT. It is recommended to upgrade the Fuchsia kernel to 4.1.1 or greater.

CNA Affected

[
  {
    "product": "Fuchsia Kernel",
    "vendor": "Google LLC",
    "versions": [
      {
        "lessThan": "4.1.1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

bugs.fuchsia.dev/p/fuchsia/issues/detail?id=94740

CVSS3

5.3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N

AI Score

5.6

Confidence

High

EPSS

0.001

Percentile

17.8%

JSON

Related for CVELIST:CVE-2022-0882