How severe is CVE-2021-22566?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2021-22566?

This is classified as CWE-275, which is a common weakness in software security.

CVE-2021-22566 - MEDIUM Severity | CVSS 9.8

Vulnerability Description

An incorrect setting of UXN bits within mmu_flags_to_s1_pte_attr lead to privileged executable pages being mapped as executable from an unprivileged context. This can be leveraged by an attacker to bypass executability restrictions of kernel-mode pages from user-mode. An incorrect setting of PXN bits within mmu_flags_to_s1_pte_attr lead to unprivileged executable pages being mapped as executable from a privileged context. This can be leveraged by an attacker to bypass executability restrictions of user-mode pages from kernel-mode. Typically this allows a potential attacker to circumvent a mitigation, making exploitation of potential kernel-mode vulnerabilities easier. We recommend updating kernel beyond commit 7d731b4e9599088ac3073956933559da7bca6a00 and rebuilding.

Related Vulnerabilities

CVE-2017-16887

CRITICAL

CVSS:9.8(Critical)

The portal on FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38 uses SOAP based web services in order to interact with the portal. Unauthorized Access to Web Services can result in disclosure o...

CWE-2752017

CVE-2017-17060

CRITICAL

CVSS:9.8(Critical)

OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Insecure Permissions.

CWE-2752017

CVE-2018-15379

CRITICAL

CVSS:9.8(Critical)

A vulnerability in which the HTTP web server for Cisco Prime Infrastructure (PI) has unrestricted directory permissions could allow an unauthenticated, remote attacker to upload an arbitrary file. Thi...

CWE-2752018

CVE-2020-14496

CRITICAL

CVSS:9.8(Critical)

Successful exploitation of this vulnerability for multiple Mitsubishi Electric Factory Automation Engineering Software Products of various versions could allow an attacker to escalate privilege and ex...

CWE-2752020

CVE-2023-3759

CRITICAL

CVSS:9.8(Critical)

A vulnerability, which was classified as critical, was found in Intergard SGS 8.7.0. Affected is an unknown function. The manipulation leads to permission issues. It is possible to launch the attack r...

CWE-2752023

CVE-2017-6513

CRITICAL

CVSS:9.9(Critical)

The WHMCS Reseller Module V2 2.0.2 in Softaculous Virtualizor before 2.9.1.0 does not verify the user correctly, which allows remote authenticated users to control other virtual machines managed by Vi...

CWE-2752017