Fuchsia
CVE-2022-0247
MEDIUM
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Lifecycle Timeline
1DescriptionNVD
An issue exists in Fuchsia where VMO data can be modified through access to copy-on-write snapshots. A local attacker could modify objects in the VMO that they do not have permission to. We recommend upgrading past commit d97c05d2301799ed585620a9c5c739d36e7b5d3d or any of the listed versions.
AnalysisAI
An issue exists in Fuchsia where VMO data can be modified through access to copy-on-write snapshots. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.
Technical ContextAI
This vulnerability is classified as Incorrect Permission Assignment (CWE-732), which allows attackers to access resources due to misconfigured permissions. An issue exists in Fuchsia where VMO data can be modified through access to copy-on-write snapshots. A local attacker could modify objects in the VMO that they do not have permission to. We recommend upgrading past commit d97c05d2301799ed585620a9c5c739d36e7b5d3d or any of the listed versions. Affected products include: Google Fuchsia.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Review and restrict file/resource permissions, apply principle of least privilege.
A bug exists where an attacker can read the kernel log through exposed Zircon kernel addresses without the required capa
Vulnerabilities in the algorithms used by Fuchsia to populate network protocol header fields, specifically the TCP ISN,
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today