An incorrect setting of UXN bits within mmu_flags_to_s1_pte_attr lead to privileged executable pages being mapped as executable from an unprivileged context. This can be leveraged by an attacker to bypass executability restrictions of kernel-mode pages from user-mode. An incorrect setting of PXN bits within mmu_flags_to_s1_pte_attr lead to unprivileged executable pages being mapped as executable from a privileged context. This can be leveraged by an attacker to bypass executability restrictions of user-mode pages from kernel-mode. Typically this allows a potential attacker to circumvent a mitigation, making exploitation of potential kernel-mode vulnerabilities easier. We recommend updating kernel beyond commit 7d731b4e9599088ac3073956933559da7bca6a00 and rebuilding.
References
Link | Resource |
---|---|
https://fuchsia.googlesource.com/fuchsia/+/7d731b4e9599088ac3073956933559da7bca6a00 | Mailing List Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Google
Published: 2022-01-18T14:10:10
Updated: 2024-06-04T17:15:27.163Z
Reserved: 2021-01-05T00:00:00
Link: CVE-2021-22566
JSON object: View
NVD Information
Status : Modified
Published: 2022-01-18T14:15:07.920
Modified: 2024-05-29T20:15:10.247
Link: CVE-2021-22566
JSON object: View
Redhat Information
No data.