Incorrect mapping of Executable bits in Fuchsia Kernel
CVE-2021-22566

9.8CRITICAL

Key Information:

Vendor: Google
Status: Fuchsia
Vendor: CVE Published:; 18 January 2022

Summary

An incorrect setting of UXN bits within mmu_flags_to_s1_pte_attr lead to privileged executable pages being mapped as executable from an unprivileged context. This can be leveraged by an attacker to bypass executability restrictions of kernel-mode pages from user-mode. An incorrect setting of PXN bits within mmu_flags_to_s1_pte_attr lead to unprivileged executable pages being mapped as executable from a privileged context. This can be leveraged by an attacker to bypass executability restrictions of user-mode pages from kernel-mode. Typically this allows a potential attacker to circumvent a mitigation, making exploitation of potential kernel-mode vulnerabilities easier. We recommend updating kernel beyond commit 7d731b4e9599088ac3073956933559da7bca6a00 and rebuilding.

Affected Version(s)

Fuchsia 0 < 7d731b4e9599088ac3073956933559da7bca6a00

References

https://fuchsia.googlesource.com/fuchsia/+/7d731b4e959908...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 18, 2022
Vulnerability Reserved
Jan 5, 2021

Collectors

NVD DatabaseMitre Database