CVE-2022-26757

Published: May 26, 2022Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges.

Affected (20)

Products: Apple: Ipados, Iphone Os, Mac Os X, Macos, Tvos, Watchos

6 products

Configuration A

20 vulnerable

Vulnerable Software	Affected Versions
Apple Ipados	Before 15.5
Apple Iphone Os	Before 15.5
Apple Mac Os X	Before 10.15.7
Apple Mac Os X	Version 10.15.7
Apple Mac Os X	Version 10.15.7 security_update_2020-001
Apple Mac Os X	Version 10.15.7 security_update_2021-001
Apple Mac Os X	Version 10.15.7 security_update_2021-002
Apple Mac Os X	Version 10.15.7 security_update_2021-003
Apple Mac Os X	Version 10.15.7 security_update_2021-004
Apple Mac Os X	Version 10.15.7 security_update_2021-005
Apple Mac Os X	Version 10.15.7 security_update_2021-006
Apple Mac Os X	Version 10.15.7 security_update_2021-007
Apple Mac Os X	Version 10.15.7 security_update_2021-008
Apple Mac Os X	Version 10.15.7 security_update_2022-001
Apple Mac Os X	Version 10.15.7 security_update_2022-002
Apple Mac Os X	Version 10.15.7 security_update_2022-003
Apple Macos	From 11.0 to 11.6.6
Apple Macos	From 12.0 to 12.4
Apple Tvos	Before 15.5
Apple Watchos	Before 8.6

Related CWEs

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

References (14)

http://packetstormsecurity.com/files/167517/XNU-Flow-Divert-Race-Condition-Use-After-Free.html

Source: product-security@apple.com

Third Party AdvisoryVDB Entry

https://support.apple.com/en-us/HT213253

Source: product-security@apple.com

Vendor Advisory

https://support.apple.com/en-us/HT213254

Source: product-security@apple.com

Vendor Advisory

https://support.apple.com/en-us/HT213255

Source: product-security@apple.com

Vendor Advisory

https://support.apple.com/en-us/HT213256

Source: product-security@apple.com

Vendor Advisory

https://support.apple.com/en-us/HT213257

Source: product-security@apple.com

Vendor Advisory

https://support.apple.com/en-us/HT213258

Source: product-security@apple.com

Vendor Advisory

http://packetstormsecurity.com/files/167517/XNU-Flow-Divert-Race-Condition-Use-After-Free.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://support.apple.com/en-us/HT213253

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://support.apple.com/en-us/HT213254

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://support.apple.com/en-us/HT213255

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://support.apple.com/en-us/HT213256

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://support.apple.com/en-us/HT213257

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://support.apple.com/en-us/HT213258

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.