CVE-2021-22556

CWE-190Integer Overflow3 documents3 sources
Severity
7.8HIGH
EPSS
0.0%
top 96.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Google LLC Fuchsia KernelGoogle Fuchsia
Timeline
PublishedMay 3
Latest updateMay 4

Description

The Security Team discovered an integer overflow bug that allows an attacker with code execution to issue memory cache invalidation operations on pages that they don’t own, allowing them to control kernel memory from userspace. We recommend upgrading to kernel version 4.1 or beyond.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:NExploitability: 1.0 | Impact: 4.2

Affected Packages2 packages

CVEListV5google_llc/fuchsia_kernelunspecified4.1
NVDgoogle/fuchsia< 4.1

Patches

Patch: fuchsia-review.googlesource.comPatch: fuchsia-review.googlesource.com

🔴Vulnerability Details

2
GHSA
GHSA-cgfp-g9xr-gj33: The Security Team discovered an integer overflow bug that allows an attacker with code execution to issue memory cache invalidation operations on page2022-05-04
CVEList
Integer Overflow in Fuchsia Kernel2022-05-03
CVE-2021-22556 (HIGH CVSS 7.8) | The Security Team discovered an int | cvebase.io