CVE-2022-0247 HIGH

CVE-2022-0247: Write access to VMO data through copy-on-write in Fuchsia

Vendor Google Llc
Product Fuchsia
Weakness CWE-732
Published February 25, 2022
Last update April 21, 2025

CVSS base score

7.5/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N

What the vulnerability does

01Description

An issue exists in Fuchsia where VMO data can be modified through access to copy-on-write snapshots. A local attacker could modify objects in the VMO that they do not have permission to. We recommend upgrading past commit d97c05d2301799ed585620a9c5c739d36e7b5d3d or any of the listed versions.

Key dates

02Disclosure timeline

February 25, 2022 CVE published
April 21, 2025 Record updated