CVE-2022-26768 - Vulnerability Details - OpenCVE

A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4, watchOS 8.6, tvOS 15.5, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with kernel privileges.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Ipados Iphone Os Macos Tvos Watchos

Configuration 1 [-]

OR	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:tvos::::::::
	cpe:2.3:o:apple:watchos::::::::

No data.

References

Link	Providers
http://seclists.org/fulldisclosure/2022/Jul/12
https://support.apple.com/en-us/HT213253
https://support.apple.com/en-us/HT213254
https://support.apple.com/en-us/HT213256
https://support.apple.com/en-us/HT213257
https://support.apple.com/kb/HT213346

History

No history.

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2022-05-26T19:23:54

Updated: 2024-08-03T05:11:44.500Z

Reserved: 2022-03-08T00:00:00

Link: CVE-2022-26768

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-05-26T20:15:09.783

Modified: 2024-11-21T06:54:28.010

Link: CVE-2022-26768

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "watchOS", "vendor": "Apple", "versions": [{"lessThan": "8.6", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "watchOS", "vendor": "Apple", "versions": [{"lessThan": "15.5", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "watchOS", "vendor": "Apple", "versions": [{"lessThan": "11.6", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "watchOS", "vendor": "Apple", "versions": [{"lessThan": "12.4", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4, watchOS 8.6, tvOS 15.5, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with kernel privileges."}], "problemTypes": [{"descriptions": [{"description": "An application may be able to execute arbitrary code with kernel privileges", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-07-22T05:06:58", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT213256"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT213253"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT213254"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT213257"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/kb/HT213346"}, {"name": "20220721 APPLE-SA-2022-07-20-1 iOS 15.6 and iPadOS 15.6", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2022/Jul/12"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "product-security@apple.com", "ID": "CVE-2022-26768", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "watchOS", "version": {"version_data": [{"version_affected": "<", "version_value": "8.6"}]}}, {"product_name": "watchOS", "version": {"version_data": [{"version_affected": "<", "version_value": "15.5"}]}}, {"product_name": "watchOS", "version": {"version_data": [{"version_affected": "<", "version_value": "11.6"}]}}, {"product_name": "watchOS", "version": {"version_data": [{"version_affected": "<", "version_value": "12.4"}]}}]}, "vendor_name": "Apple"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4, watchOS 8.6, tvOS 15.5, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with kernel privileges."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "An application may be able to execute arbitrary code with kernel privileges"}]}]}, "references": {"reference_data": [{"name": "https://support.apple.com/en-us/HT213256", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213256"}, {"name": "https://support.apple.com/en-us/HT213253", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213253"}, {"name": "https://support.apple.com/en-us/HT213254", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213254"}, {"name": "https://support.apple.com/en-us/HT213257", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213257"}, {"name": "https://support.apple.com/kb/HT213346", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT213346"}, {"name": "20220721 APPLE-SA-2022-07-20-1 iOS 15.6 and iPadOS 15.6", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2022/Jul/12"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T05:11:44.500Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/en-us/HT213256"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/en-us/HT213253"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/en-us/HT213254"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/en-us/HT213257"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/kb/HT213346"}, {"name": "20220721 APPLE-SA-2022-07-20-1 iOS 15.6 and iPadOS 15.6", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2022/Jul/12"}]}]}, "cveMetadata": {"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-26768", "datePublished": "2022-05-26T19:23:54", "dateReserved": "2022-03-08T00:00:00", "dateUpdated": "2024-08-03T05:11:44.500Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "matchCriteriaId": "F5E4F87A-8003-43EB-99F7-35C82AEA4DC0", "versionEndExcluding": "15.6", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "B6FA9FE3-1891-405C-B191-04CAB84ADD46", "versionEndExcluding": "15.6", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "09A6345C-D813-43BA-B12E-789C80653F86", "versionEndExcluding": "11.6.6", "versionStartIncluding": "11.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "35154201-43EA-4C22-B0BA-D1A24C46D320", "versionEndExcluding": "12.4", "versionStartIncluding": "12.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "matchCriteriaId": "4C98BE9E-8463-4CB9-8E42-A68DC0B20BD8", "versionEndExcluding": "15.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "matchCriteriaId": "E8BAAD78-60FC-4EC3-B727-55F0C0969D6A", "versionEndExcluding": "8.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4, watchOS 8.6, tvOS 15.5, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with kernel privileges."}, {"lang": "es", "value": "Se abord\u00f3 un problema de corrupci\u00f3n de memoria con una administraci\u00f3n de estados mejorada. Este problema es corregido en macOS Monterey versi\u00f3n 12.4, watchOS versi\u00f3n 8.6, tvOS versi\u00f3n 15.5, macOS Big Sur versi\u00f3n 11.6.6. Una aplicaci\u00f3n puede ser capaz de ejecutar c\u00f3digo arbitrario con privilegios del kernel"}], "id": "CVE-2022-26768", "lastModified": "2024-11-21T06:54:28.010", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-05-26T20:15:09.783", "references": [{"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2022/Jul/12"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT213253"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT213254"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT213256"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT213257"}, {"source": "product-security@apple.com", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT213346"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2022/Jul/12"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT213253"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT213254"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT213256"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT213257"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT213346"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}