CVE-2021-22556
MEDIUMFuchsia < 4.1 - Integer Overflow in Memory Cache Invalidation
Title source: llmDescription
The Security Team discovered an integer overflow bug that allows an attacker with code execution to issue memory cache invalidation operations on pages that they don’t own, allowing them to control kernel memory from userspace. We recommend upgrading to kernel version 4.1 or beyond.
References (2)
Core 2
Core References
Release Notes, Vendor Advisory x_refsource_misc
https://fuchsia.dev/whats-new/release-notes/f4-1
Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://fuchsia-review.googlesource.com/c/fuchsia/+/570881
Scores
CVSS v3
5.3
EPSS
0.0015
EPSS Percentile
4.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-190
Status
published
Products (1)
google/fuchsia
< 4.1
Published
May 03, 2022
Tracked Since
Feb 18, 2026