First published: Tue May 03 2022
The Security Team discovered an integer overflow bug that allows an attacker with code execution to issue memory cache invalidation operations on pages that they don’t own, allowing them to control kernel memory from userspace. We recommend upgrading to kernel version 4.1 or beyond.
Credit: cve-coordination@google.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Google Fuchsia | <4.1 | |
CVE-2021-22556 is an integer overflow bug that allows an attacker with code execution to issue memory cache invalidation operations on pages that they don’t own, allowing them to control kernel memory from userspace.
CVE-2021-22556 has a severity score of 7.8, which is considered high.
To fix CVE-2021-22556, it is recommended to upgrade to kernel version 4.1 or beyond.
The affected software for CVE-2021-22556 is Google Fuchsia with versions up to and excluding 4.1.
More information about CVE-2021-22556 can be found at the following references: [Fuchsia code review change 570881](https://fuchsia-review.googlesource.com/c/fuchsia/+/570881) and the [Fuchsia F4.1 release notes](https://fuchsia.dev/whats-new/release-notes/f4-1).