CVE-2020-27950

Published: Dec 8, 2020Modified: Oct 27, 2025CISA KEV

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

A memory initialization issue was addressed. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update. A malicious application may be able to disclose kernel memory.

Affected (8)

Products: Apple: Ipados, Iphone Os, Macos, Watchos

4 products

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Apple Ipados	Before 14.2
Apple Iphone Os	Before 12.4.9
Apple Iphone Os	From 14.0 to 14.2
Apple Macos	Before 10.15.7
Apple Macos	From 11.0 to 11.0.1
Apple Watchos	Before 5.3.9
Apple Watchos	From 6.0 to 6.2.9
Apple Watchos	From 7.0 to 7.1

Related CWEs

Improper Initialization

The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.

References (21)

http://packetstormsecurity.com/files/161296/XNU-Kernel-Mach-Message-Trailers-Memory-Disclosure.html

Source: product-security@apple.com

Third Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2020/Dec/32

Source: product-security@apple.com

Mailing ListThird Party Advisory

https://support.apple.com/en-us/HT211928

Source: product-security@apple.com

Vendor Advisory

https://support.apple.com/en-us/HT211929

Source: product-security@apple.com

Vendor Advisory

https://support.apple.com/en-us/HT211931

Source: product-security@apple.com

Vendor Advisory

https://support.apple.com/en-us/HT211940

Source: product-security@apple.com

Vendor Advisory

https://support.apple.com/en-us/HT211944

Source: product-security@apple.com

Vendor Advisory

https://support.apple.com/en-us/HT211945

Source: product-security@apple.com

Vendor Advisory

https://support.apple.com/en-us/HT211946

Source: product-security@apple.com

Vendor Advisory

https://support.apple.com/en-us/HT211947

Source: product-security@apple.com

Vendor Advisory

http://packetstormsecurity.com/files/161296/XNU-Kernel-Mach-Message-Trailers-Memory-Disclosure.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2020/Dec/32

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://support.apple.com/en-us/HT211928

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://support.apple.com/en-us/HT211929

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://support.apple.com/en-us/HT211931

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://support.apple.com/en-us/HT211940

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://support.apple.com/en-us/HT211944

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://support.apple.com/en-us/HT211945

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://support.apple.com/en-us/HT211946

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://support.apple.com/en-us/HT211947

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-27950

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

US Government Resource

Timeline

No history available yet.