CVE-2022-0247

Name: CVE-2022-0247
Creator: NVD / NIST
Published: 2022-02-25T11:15:07.933+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 5.5/10EPSS 0.08%

Last modified Jun 17, 2026

CVE-2022-0247 is a medium-severity vulnerability rated 5.5/10 on the CVSS scale. An issue exists in Fuchsia where VMO data can be modified through access to copy-on-write snapshots. A local attacker could modify objects in the VMO that they do not have permission to. EPSS estimates a 0.08% chance of exploitation in the next 30 days.

Description

An issue exists in Fuchsia where VMO data can be modified through access to copy-on-write snapshots. A local attacker could modify objects in the VMO that they do not have permission to. We recommend upgrading past commit d97c05d2301799ed585620a9c5c739d36e7b5d3d or any of the listed versions.

Metrics

CVSS 3.1

5.5/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS Probability

0.08%

0.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Google	Fuchsia	< 2022-01-03

References

https://fuchsia.googlesource.com/fuchsia/+/d97c05d2301799ed585620a9c5c739d36e7b5d3dMailing List, Patch, Vendor Advisory
https://fuchsia.googlesource.com/fuchsia/+/d97c05d2301799ed585620a9c5c739d36e7b5d3dMailing List, Patch, Vendor Advisory

Timeline

Published: Feb 25, 2022
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2022-0247?

How severe is CVE-2022-0247?

CVE-2022-0247 has a CVSS score of 5.5/10 (MEDIUM severity). The EPSS model estimates a 0.08% probability of exploitation in the next 30 days.

How do I fix CVE-2022-0247?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-0247?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST