Lucene search

[email protected]NVD:CVE-2022-0247

HistoryFeb 25, 2022 - 11:15 a.m.

CVE-2022-0247

2022-02-2511:15:07

CWE-732

[email protected]

web.nvd.nist.gov

fuchsia

vmo data

copy-on-write snapshots

local attacker

permission

upgrade

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS

Percentile

5.1%

JSON

An issue exists in Fuchsia where VMO data can be modified through access to copy-on-write snapshots. A local attacker could modify objects in the VMO that they do not have permission to. We recommend upgrading past commit d97c05d2301799ed585620a9c5c739d36e7b5d3d or any of the listed versions.

Affected configurations

Nvd

Node

googlefuchsiaRange<2022-01-03

VendorProductVersionCPE
googlefuchsia*cpe:2.3:o:google:fuchsia:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
google	fuchsia	*	cpe:2.3:o:google:fuchsia::::::::

References

fuchsia.googlesource.com/fuchsia/+/d97c05d2301799ed585620a9c5c739d36e7b5d3d

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2022-0247

cvelist1 prion1 cve1 cnvd1