5 matches found
CVE-2021-22556
CVE-2021-22556 affects the Fuchsia kernel. A integer overflow flaw lets a user with code execution issue memory cache invalidation on pages they don’t own, enabling control of kernel memory from userspace. Remediation per sources: upgrade to kernel version 4.1 or beyond. Other connected sources c...
CVE-2021-22566
The CVE concerns the Fuchsia kernel. An incorrect setting of UXN and PXN bits in mmu_flags_to_s1_pte_attr can cause privileged executable kernel-mode pages to be mapped as executable from user mode, and unprivileged pages to be treated as executable from kernel mode. This misuse can bypass execut...
CVE-2022-0882
CVE-2022-0882 affects the Fuchsia kernel (Zircon kernel addresses) and allows information disclosure: an attacker can read the kernel log via exposed Zircon kernel addresses without the required capability ZX_RSRC_KIND_ROOT. The issue is triggered by access to low-level kernel addressing, enablin...
CVE-2022-0247
CVE-2022-0247 affects Fuchsia where VMO data can be modified via copy-on-write snapshots. A local attacker could modify VMO objects they lack permission to access, impacting integrity (per CVSS/I). The issue is tied to the copy-on-write handling in VMO data paths. A fix is available by upgrading ...
CVE-2024-10604
CVE-2024-10604 affects Fuchsia’s network header field generation algorithms. Vulnerable components include the TCP Initial Sequence Number (ISN), TCP timestamp, TCP/UDP source ports, and IPv4/IPv6 fragment IDs, which can be guessed under certain circumstances. The available connected sources iden...