Show plain JSON{"containers": {"cna": {"affected": [{"product": "Fuchsia Kernel", "vendor": "Google LLC", "versions": [{"lessThan": "4.1", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "The Security Team discovered an integer overflow bug that allows an attacker with code execution to issue memory cache invalidation operations on pages that they don\u2019t own, allowing them to control kernel memory from userspace. We recommend upgrading to kernel version 4.1 or beyond."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-190", "description": "CWE-190 Integer Overflow or Wraparound", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-05-03T15:50:11.000Z", "orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://fuchsia.dev/whats-new/release-notes/f4-1"}, {"tags": ["x_refsource_MISC"], "url": "https://fuchsia-review.googlesource.com/c/fuchsia/+/570881"}], "source": {"discovery": "INTERNAL"}, "title": "Integer Overflow in Fuchsia Kernel", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@google.com", "ID": "CVE-2021-22556", "STATE": "PUBLIC", "TITLE": "Integer Overflow in Fuchsia Kernel"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Fuchsia Kernel", "version": {"version_data": [{"version_affected": "<", "version_value": "4.1"}]}}]}, "vendor_name": "Google LLC"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Security Team discovered an integer overflow bug that allows an attacker with code execution to issue memory cache invalidation operations on pages that they don\u2019t own, allowing them to control kernel memory from userspace. We recommend upgrading to kernel version 4.1 or beyond."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-190 Integer Overflow or Wraparound"}]}]}, "references": {"reference_data": [{"name": "https://fuchsia.dev/whats-new/release-notes/f4-1", "refsource": "MISC", "url": "https://fuchsia.dev/whats-new/release-notes/f4-1"}, {"name": "https://fuchsia-review.googlesource.com/c/fuchsia/+/570881", "refsource": "MISC", "url": "https://fuchsia-review.googlesource.com/c/fuchsia/+/570881"}]}, "source": {"discovery": "INTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T18:44:13.719Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://fuchsia.dev/whats-new/release-notes/f4-1"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://fuchsia-review.googlesource.com/c/fuchsia/+/570881"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-21T13:36:25.693251Z", "id": "CVE-2021-22556", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-21T13:54:07.544Z"}}]}, "cveMetadata": {"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "assignerShortName": "Google", "cveId": "CVE-2021-22556", "datePublished": "2022-05-03T15:50:11.000Z", "dateReserved": "2021-01-05T00:00:00.000Z", "dateUpdated": "2025-04-21T13:54:07.544Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}