CVE-2021-22556
5.3
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
Summary
The Security Team discovered an integer overflow bug that allows an attacker with code execution to issue memory cache invalidation operations on pages that they don’t own, allowing them to control kernel memory from userspace. We recommend upgrading to kernel version 4.1 or beyond.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Google LLC | Fuchsia Kernel | unspecified < 4.1 | affected |
Weaknesses
- CWE-190: CWE-190 Integer Overflow or Wraparound
ADP Enrichment
CVE Program Container
Additional References
- https://fuchsia.dev/whats-new/release-notes/f4-1
- https://fuchsia-review.googlesource.com/c/fuchsia/+/570881
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://fuchsia.dev/whats-new/release-notes/f4-1
- https://fuchsia-review.googlesource.com/c/fuchsia/+/570881
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.