{"api_version":"1","generated_at":"2026-04-23T06:20:36+00:00","cve":"CVE-2021-22556","urls":{"html":"https://cve.report/CVE-2021-22556","api":"https://cve.report/api/cve/CVE-2021-22556.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-22556","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-22556"},"summary":{"title":"CVE-2021-22556","description":"The Security Team discovered an integer overflow bug that allows an attacker with code execution to issue memory cache invalidation operations on pages that they don’t own, allowing them to control kernel memory from userspace. We recommend upgrading to kernel version 4.1 or beyond.","state":"PUBLIC","assigner":"security@google.com","published_at":"2022-05-03 16:15:00","updated_at":"2022-05-10 23:56:00"},"problem_types":["CWE-190"],"metrics":[],"references":[{"url":"https://fuchsia.dev/whats-new/release-notes/f4-1","name":"https://fuchsia.dev/whats-new/release-notes/f4-1","refsource":"MISC","tags":[],"title":"Fuchsia F4.1 release notes","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://fuchsia-review.googlesource.com/c/fuchsia/+/570881","name":"https://fuchsia-review.googlesource.com/c/fuchsia/+/570881","refsource":"MISC","tags":[],"title":"","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-22556","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-22556","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"22556","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"google","cpe5":"fuchsia","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"security@google.com","ID":"CVE-2021-22556","STATE":"PUBLIC","TITLE":"Integer Overflow in Fuchsia Kernel"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Fuchsia Kernel","version":{"version_data":[{"version_affected":"<","version_value":"4.1"}]}}]},"vendor_name":"Google LLC"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The Security Team discovered an integer overflow bug that allows an attacker with code execution to issue memory cache invalidation operations on pages that they don’t own, allowing them to control kernel memory from userspace. We recommend upgrading to kernel version 4.1 or beyond."}]},"generator":{"engine":"Vulnogram 0.0.9"},"impact":{"cvss":{"attackComplexity":"HIGH","attackVector":"LOCAL","availabilityImpact":"NONE","baseScore":5.3,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"LOW","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-190 Integer Overflow or Wraparound"}]}]},"references":{"reference_data":[{"refsource":"MISC","url":"https://fuchsia.dev/whats-new/release-notes/f4-1","name":"https://fuchsia.dev/whats-new/release-notes/f4-1"},{"refsource":"MISC","url":"https://fuchsia-review.googlesource.com/c/fuchsia/+/570881","name":"https://fuchsia-review.googlesource.com/c/fuchsia/+/570881"}]},"source":{"discovery":"INTERNAL"}},"nvd":{"publishedDate":"2022-05-03 16:15:00","lastModifiedDate":"2022-05-10 23:56:00","problem_types":["CWE-190"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":4.6},"severity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:google:fuchsia:*:*:*:*:*:*:*:*","versionEndExcluding":"4.1","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"22556","Ordinal":"197261","Title":"CVE-2021-22556","CVE":"CVE-2021-22556","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"22556","Ordinal":"1","NoteData":"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.","Type":"Description","Title":null}]}}}