CVE-2021-22556 MEDIUM

CVE-2021-22556: Integer Overflow in Fuchsia Kernel

Vendor Google Llc
Product Fuchsia Kernel
Weakness CWE-190
Published May 3, 2022
Last update April 21, 2025

CVSS base score

5.3/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction None
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N

What the vulnerability does

01Description

The Security Team discovered an integer overflow bug that allows an attacker with code execution to issue memory cache invalidation operations on pages that they don’t own, allowing them to control kernel memory from userspace. We recommend upgrading to kernel version 4.1 or beyond.

Key dates

02Disclosure timeline

May 3, 2022 CVE published
April 21, 2025 Record updated