Write access to VMO data through copy-on-write in Fuchsia
CVE-2022-0247

7.5HIGH

Key Information:

Vendor: Google
Status: Fuchsia
Vendor: CVE Published:; 25 February 2022

What is CVE-2022-0247?

An issue exists in Fuchsia where VMO data can be modified through access to copy-on-write snapshots. A local attacker could modify objects in the VMO that they do not have permission to. We recommend upgrading past commit d97c05d2301799ed585620a9c5c739d36e7b5d3d or any of the listed versions.

Affected Version(s)

Fuchsia < 4.1

References

https://fuchsia.googlesource.com/fuchsia/+/d97c05d2301799...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 25, 2022
Vulnerability Reserved
Jan 17, 2022

Google

What is CVE-2022-0247?

Affected Version(s)

References

CVSS V3.1

Timeline