Details of VAR-201705-3989

ID

VAR-201705-3989

CVE

CVE-2017-6985

TITLE

Apple macOS of NVIDIA Graphics driver component vulnerable to arbitrary code execution in privileged context

Trust: 0.8

sources: JVNDB: JVNDB-2017-003847

DESCRIPTION

An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "NVIDIA Graphics Drivers" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Apple macOS is prone to multiple security vulnerabilities. An attacker can exploit these issues to gain elevated privileges, perform unauthorized actions and execute arbitrary code with kernel privileges. Failed exploit attempts will likely cause a denial-of-service condition. Apple macOS Sierra is a dedicated operating system developed by Apple for Mac computers

Trust: 1.98

sources: NVD: CVE-2017-6985 // JVNDB: JVNDB-2017-003847 // BID: 98483 // VULHUB: VHN-115188

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	eq	version:	10.12.4	Trust: 1.4
vendor:	apple	model:	mac os x	scope:	lte	version:	10.12.4	Trust: 1.0
vendor:	apple	model:	macos	scope:	eq	version:	10.12.4	Trust: 0.3
vendor:	apple	model:	macos	scope:	eq	version:	10.12.3	Trust: 0.3
vendor:	apple	model:	macos	scope:	eq	version:	10.12.2	Trust: 0.3
vendor:	apple	model:	macos	scope:	eq	version:	10.12.1	Trust: 0.3
vendor:	apple	model:	macos	scope:	eq	version:	10.12	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.11.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.10.5	Trust: 0.3
vendor:	apple	model:	macos	scope:	ne	version:	10.12.5	Trust: 0.3

sources: BID: 98483 // JVNDB: JVNDB-2017-003847 // CNNVD: CNNVD-201705-966 // NVD: CVE-2017-6985

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-6985
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-6985
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201705-966
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-115188
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-6985
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-115188
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-6985
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-115188 // JVNDB: JVNDB-2017-003847 // CNNVD: CNNVD-201705-966 // NVD: CVE-2017-6985

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-115188 // JVNDB: JVNDB-2017-003847 // NVD: CVE-2017-6985

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201705-966

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201705-966

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-003847

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	HT207797	url:	https://support.apple.com/en-us/HT207797	Trust: 0.8
title:	HT207797	url:	https://support.apple.com/ja-jp/HT207797	Trust: 0.8
title:	Apple macOS Sierra NVIDIA Graphics Drivers Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70442	Trust: 0.6

sources: JVNDB: JVNDB-2017-003847 // CNNVD: CNNVD-201705-966

EXTERNAL IDS

db:	NVD	id:	CVE-2017-6985	Trust: 2.8
db:	SECTRACK	id:	1038484	Trust: 1.1
db:	JVN	id:	JVNVU98089541	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-003847	Trust: 0.8
db:	CNNVD	id:	CNNVD-201705-966	Trust: 0.7
db:	BID	id:	98483	Trust: 0.3
db:	VULHUB	id:	VHN-115188	Trust: 0.1

sources: VULHUB: VHN-115188 // BID: 98483 // JVNDB: JVNDB-2017-003847 // CNNVD: CNNVD-201705-966 // NVD: CVE-2017-6985

REFERENCES

url:	https://support.apple.com/ht207797	Trust: 1.7
url:	http://www.securitytracker.com/id/1038484	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6985	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu98089541/index.html	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-6985	Trust: 0.8
url:	https://www.apple.com/	Trust: 0.3

sources: VULHUB: VHN-115188 // BID: 98483 // JVNDB: JVNDB-2017-003847 // CNNVD: CNNVD-201705-966 // NVD: CVE-2017-6985

CREDITS

Tim Cappalli of Aruba, Ian Beer of Google Project Zero, Samuel Gro? and Niklas Baumstark, Chaitin Security Research Lab, evi1m0 of YSRC, sss and Axis of 360Nirvan team, 360 Security, Jann Horn, Federico Bento of Faculty of Sciences, Richard Zhu, and Team

Trust: 0.3

sources: BID: 98483

SOURCES

db:	VULHUB	id:	VHN-115188
db:	BID	id:	98483
db:	JVNDB	id:	JVNDB-2017-003847
db:	CNNVD	id:	CNNVD-201705-966
db:	NVD	id:	CVE-2017-6985

LAST UPDATE DATE

2025-04-20T21:25:07.620000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-115188	date:	2017-07-08T00:00:00
db:	BID	id:	98483	date:	2017-05-15T00:00:00
db:	JVNDB	id:	JVNDB-2017-003847	date:	2017-06-08T00:00:00
db:	CNNVD	id:	CNNVD-201705-966	date:	2017-05-24T00:00:00
db:	NVD	id:	CVE-2017-6985	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-115188	date:	2017-05-22T00:00:00
db:	BID	id:	98483	date:	2017-05-15T00:00:00
db:	JVNDB	id:	JVNDB-2017-003847	date:	2017-06-08T00:00:00
db:	CNNVD	id:	CNNVD-201705-966	date:	2017-05-24T00:00:00
db:	NVD	id:	CVE-2017-6985	date:	2017-05-22T05:29:02.973