CVE-2022-0882 MEDIUM

CVE-2022-0882: Illegal access to Kernel log in Fuchsia

Vendor Google Llc
Product Fuchsia Kernel
Weakness CWE-200 · Info exposure
Published May 3, 2022
Last update April 21, 2025

CVSS base score

5.3/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction Required
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N

What the vulnerability does

01Description

A bug exists where an attacker can read the kernel log through exposed Zircon kernel addresses without the required capability ZX_RSRC_KIND_ROOT. It is recommended to upgrade the Fuchsia kernel to 4.1.1 or greater.

Key dates

02Disclosure timeline

May 3, 2022 CVE published
April 21, 2025 Record updated