ID
VAR-202010-1242
CVE
CVE-2020-9921
TITLE
macOS Memory Corruption Vulnerability in
Trust: 0.8
sources:
JVNDB: JVNDB-2020-010035
DESCRIPTION
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.6. A malicious application may be able to execute arbitrary code with system privileges. This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the AppleIntelKBLGraphics kernel extension. The issue results from the lack of proper locking when performing operations on an object. Apple OS X is a set of dedicated operating systems developed by Apple for Mac computers
Trust: 4.32
sources:
NVD: CVE-2020-9921 //
JVNDB: JVNDB-2020-010035 //
ZDI: ZDI-20-1212 //
ZDI: ZDI-20-1210 //
ZDI: ZDI-20-1211 //
ZDI: ZDI-20-1213 //
VULHUB: VHN-188046 //
VULMON: CVE-2020-9921
AFFECTED PRODUCTS
| vendor: | apple | model: | macos | scope: | - | version: | - | Trust: 2.8 |
| vendor: | apple | model: | mac os x | scope: | lt | version: | 10.15.6 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.13.6 | Trust: 0.8 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.14.6 | Trust: 0.8 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.15.5 | Trust: 0.8 |
sources:
ZDI: ZDI-20-1212 //
ZDI: ZDI-20-1210 //
ZDI: ZDI-20-1211 //
ZDI: ZDI-20-1213 //
JVNDB: JVNDB-2020-010035 //
NVD: CVE-2020-9921
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
sources:
ZDI: ZDI-20-1212 //
ZDI: ZDI-20-1210 //
ZDI: ZDI-20-1211 //
ZDI: ZDI-20-1213 //
VULHUB: VHN-188046 //
VULMON: CVE-2020-9921 //
JVNDB: JVNDB-2020-010035 //
CNNVD: CNNVD-202010-1236 //
NVD: CVE-2020-9921
PROBLEMTYPE DATA
| problemtype: | CWE-367 | Trust: 1.9 |
| problemtype: | CWE-787 | Trust: 1.1 |
sources:
VULHUB: VHN-188046 //
JVNDB: JVNDB-2020-010035 //
NVD: CVE-2020-9921
THREAT TYPE
local
Trust: 0.6
sources:
CNNVD: CNNVD-202010-1236
TYPE
authorization issue
Trust: 0.6
sources:
CNNVD: CNNVD-202010-1236
CONFIGURATIONS
sources:
JVNDB: JVNDB-2020-010035
PATCH
| title: | Apple has issued an update to correct this vulnerability. | url: | https://support.apple.com/en-gb/HT211289 | Trust: 2.8 |
| title: | HT211289 | url: | https://support.apple.com/en-us/HT211289 | Trust: 0.8 |
| title: | HT211289 | url: | https://support.apple.com/ja-jp/HT211289 | Trust: 0.8 |
| title: | Apple OS X Remediation measures for authorization problem vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=131689 | Trust: 0.6 |
sources:
ZDI: ZDI-20-1212 //
ZDI: ZDI-20-1210 //
ZDI: ZDI-20-1211 //
ZDI: ZDI-20-1213 //
JVNDB: JVNDB-2020-010035 //
CNNVD: CNNVD-202010-1236
EXTERNAL IDS
| db: | NVD | id: | CVE-2020-9921 | Trust: 5.4 |
| db: | JVN | id: | JVNVU94090210 | Trust: 0.8 |
| db: | JVNDB | id: | JVNDB-2020-010035 | Trust: 0.8 |
| db: | ZDI_CAN | id: | ZDI-CAN-10943 | Trust: 0.7 |
| db: | ZDI | id: | ZDI-20-1212 | Trust: 0.7 |
| db: | ZDI_CAN | id: | ZDI-CAN-10946 | Trust: 0.7 |
| db: | ZDI | id: | ZDI-20-1210 | Trust: 0.7 |
| db: | ZDI_CAN | id: | ZDI-CAN-10944 | Trust: 0.7 |
| db: | ZDI | id: | ZDI-20-1211 | Trust: 0.7 |
| db: | ZDI_CAN | id: | ZDI-CAN-10942 | Trust: 0.7 |
| db: | ZDI | id: | ZDI-20-1213 | Trust: 0.7 |
| db: | CNNVD | id: | CNNVD-202010-1236 | Trust: 0.7 |
| db: | NSFOCUS | id: | 50079 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-188046 | Trust: 0.1 |
| db: | VULMON | id: | CVE-2020-9921 | Trust: 0.1 |
sources:
ZDI: ZDI-20-1212 //
ZDI: ZDI-20-1210 //
ZDI: ZDI-20-1211 //
ZDI: ZDI-20-1213 //
VULHUB: VHN-188046 //
VULMON: CVE-2020-9921 //
JVNDB: JVNDB-2020-010035 //
CNNVD: CNNVD-202010-1236 //
NVD: CVE-2020-9921
REFERENCES
| url: | https://support.apple.com/en-gb/ht211289 | Trust: 2.8 |
| url: | https://support.apple.com/kb/ht211289 | Trust: 1.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2020-9921 | Trust: 1.4 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9921 | Trust: 0.8 |
| url: | http://jvn.jp/vu/jvnvu94090210/index.html | Trust: 0.8 |
| url: | https://support.apple.com/en-us/ht211289 | Trust: 0.6 |
| url: | http://www.nsfocus.net/vulndb/50079 | Trust: 0.6 |
| url: | https://cwe.mitre.org/data/definitions/367.html | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
sources:
ZDI: ZDI-20-1212 //
ZDI: ZDI-20-1210 //
ZDI: ZDI-20-1211 //
ZDI: ZDI-20-1213 //
VULHUB: VHN-188046 //
VULMON: CVE-2020-9921 //
JVNDB: JVNDB-2020-010035 //
CNNVD: CNNVD-202010-1236 //
NVD: CVE-2020-9921
CREDITS
ABC Research s.r.o.
Trust: 2.8
sources:
ZDI: ZDI-20-1212 //
ZDI: ZDI-20-1210 //
ZDI: ZDI-20-1211 //
ZDI: ZDI-20-1213
SOURCES
| db: | ZDI | id: | ZDI-20-1212 |
| db: | ZDI | id: | ZDI-20-1210 |
| db: | ZDI | id: | ZDI-20-1211 |
| db: | ZDI | id: | ZDI-20-1213 |
| db: | VULHUB | id: | VHN-188046 |
| db: | VULMON | id: | CVE-2020-9921 |
| db: | JVNDB | id: | JVNDB-2020-010035 |
| db: | CNNVD | id: | CNNVD-202010-1236 |
| db: | NVD | id: | CVE-2020-9921 |
LAST UPDATE DATE
2024-11-23T19:38:42.494000+00:00
SOURCES UPDATE DATE
| db: | ZDI | id: | ZDI-20-1212 | date: | 2020-09-21T00:00:00 |
| db: | ZDI | id: | ZDI-20-1210 | date: | 2020-09-21T00:00:00 |
| db: | ZDI | id: | ZDI-20-1211 | date: | 2020-09-21T00:00:00 |
| db: | ZDI | id: | ZDI-20-1213 | date: | 2020-09-21T00:00:00 |
| db: | VULHUB | id: | VHN-188046 | date: | 2021-07-21T00:00:00 |
| db: | VULMON | id: | CVE-2020-9921 | date: | 2020-10-27T00:00:00 |
| db: | JVNDB | id: | JVNDB-2020-010035 | date: | 2020-12-17T08:44:25 |
| db: | CNNVD | id: | CNNVD-202010-1236 | date: | 2021-10-29T00:00:00 |
| db: | NVD | id: | CVE-2020-9921 | date: | 2024-11-21T05:41:31.877 |
SOURCES RELEASE DATE
| db: | ZDI | id: | ZDI-20-1212 | date: | 2020-09-21T00:00:00 |
| db: | ZDI | id: | ZDI-20-1210 | date: | 2020-09-21T00:00:00 |
| db: | ZDI | id: | ZDI-20-1211 | date: | 2020-09-21T00:00:00 |
| db: | ZDI | id: | ZDI-20-1213 | date: | 2020-09-21T00:00:00 |
| db: | VULHUB | id: | VHN-188046 | date: | 2020-10-22T00:00:00 |
| db: | VULMON | id: | CVE-2020-9921 | date: | 2020-10-22T00:00:00 |
| db: | JVNDB | id: | JVNDB-2020-010035 | date: | 2020-12-17T08:44:25 |
| db: | CNNVD | id: | CNNVD-202010-1236 | date: | 2020-10-22T00:00:00 |
| db: | NVD | id: | CVE-2020-9921 | date: | 2020-10-22T19:15:14.777 |