Details of VAR-202010-1506

ID

VAR-202010-1506

CVE

CVE-2020-9939

TITLE

macOS Vulnerability in loading unsigned kernel extensions in

Trust: 0.8

sources: JVNDB: JVNDB-2020-012700

DESCRIPTION

This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.6. A local user may be able to load unsigned kernel extensions. This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the handling of kernel extensions in kextload. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute code in the context of the kernel. Apple macOS Catalina is a set of dedicated operating systems developed by Apple for Mac computers. Sandbox is one of the sandbox components. A security vulnerability exists in the Sandbox component of Apple macOS Catalina prior to 10.15.6. The vulnerability stems from the fact that the program does not properly lock objects before operating on them

Trust: 2.43

sources: NVD: CVE-2020-9939 // JVNDB: JVNDB-2020-012700 // ZDI: ZDI-20-960 // VULHUB: VHN-188064 // VULMON: CVE-2020-9939

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	lt	version:	10.15.6	Trust: 1.0
vendor:	アップル	model:	apple mac os x	scope:	eq	version:	-	Trust: 0.8
vendor:	アップル	model:	apple mac os x	scope:	eq	version:	10.15.5	Trust: 0.8
vendor:	apple	model:	macos	scope:	-	version:	-	Trust: 0.7

sources: ZDI: ZDI-20-960 // JVNDB: JVNDB-2020-012700 // NVD: CVE-2020-9939

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-9939
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-9939
value:	MEDIUM
Trust: 0.8
ZDI:	CVE-2020-9939
value:	HIGH
Trust: 0.7
CNNVD:	CNNVD-202008-348
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-188064
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2020-9939
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-9939
severity:	MEDIUM
baseScore:	4.4
vectorString:	AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.4
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-188064
severity:	MEDIUM
baseScore:	4.4
vectorString:	AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.4
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-9939
baseSeverity:	MEDIUM
baseScore:	6.4
vectorString:	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.5
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2020-9939
baseSeverity:	MEDIUM
baseScore:	6.4
vectorString:	CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
ZDI:	CVE-2020-9939
baseSeverity:	HIGH
baseScore:	8.2
vectorString:	AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.5
impactScore:	6.0
version:	3.0
Trust: 0.7

sources: ZDI: ZDI-20-960 // VULHUB: VHN-188064 // VULMON: CVE-2020-9939 // JVNDB: JVNDB-2020-012700 // CNNVD: CNNVD-202008-348 // NVD: CVE-2020-9939

PROBLEMTYPE DATA

problemtype:	CWE-367	Trust: 1.1
problemtype:	Time-of-check Time-of-use (TOCTOU) Race condition (CWE-367) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-188064 // JVNDB: JVNDB-2020-012700 // NVD: CVE-2020-9939

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202008-348

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202008-348

PATCH

title:	HT211289 Apple Security update	url:	https://support.apple.com/en-us/HT211289	Trust: 1.5
title:	Apple macOS Catalina Sandbox Fixes for component security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=125889	Trust: 0.6

sources: ZDI: ZDI-20-960 // JVNDB: JVNDB-2020-012700 // CNNVD: CNNVD-202008-348

EXTERNAL IDS

db:	NVD	id:	CVE-2020-9939	Trust: 3.3
db:	ZDI	id:	ZDI-20-960	Trust: 1.3
db:	JVN	id:	JVNVU94090210	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-012700	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-10778	Trust: 0.7
db:	CNNVD	id:	CNNVD-202008-348	Trust: 0.7
db:	NSFOCUS	id:	50060	Trust: 0.6
db:	CNVD	id:	CNVD-2020-49313	Trust: 0.1
db:	VULHUB	id:	VHN-188064	Trust: 0.1
db:	VULMON	id:	CVE-2020-9939	Trust: 0.1

sources: ZDI: ZDI-20-960 // VULHUB: VHN-188064 // VULMON: CVE-2020-9939 // JVNDB: JVNDB-2020-012700 // CNNVD: CNNVD-202008-348 // NVD: CVE-2020-9939

REFERENCES

url:	https://support.apple.com/kb/ht211289	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9939	Trust: 1.4
url:	https://support.apple.com/en-us/ht211289	Trust: 1.3
url:	http://jvn.jp/vu/jvnvu94090210/index.html	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/50060	Trust: 0.6
url:	https://www.zerodayinitiative.com/advisories/zdi-20-960/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/367.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/186449	Trust: 0.1

sources: ZDI: ZDI-20-960 // VULHUB: VHN-188064 // VULMON: CVE-2020-9939 // JVNDB: JVNDB-2020-012700 // CNNVD: CNNVD-202008-348 // NVD: CVE-2020-9939

CREDITS

@SSLab_Gatech (@jinmo123, @setuid0x0_, and @insu_yun_en)

Trust: 0.7

sources: ZDI: ZDI-20-960

SOURCES

db:	ZDI	id:	ZDI-20-960
db:	VULHUB	id:	VHN-188064
db:	VULMON	id:	CVE-2020-9939
db:	JVNDB	id:	JVNDB-2020-012700
db:	CNNVD	id:	CNNVD-202008-348
db:	NVD	id:	CVE-2020-9939

LAST UPDATE DATE

2024-11-23T19:36:44.375000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-20-960	date:	2021-06-29T00:00:00
db:	VULHUB	id:	VHN-188064	date:	2020-10-29T00:00:00
db:	VULMON	id:	CVE-2020-9939	date:	2020-10-29T00:00:00
db:	JVNDB	id:	JVNDB-2020-012700	date:	2021-05-24T06:32:00
db:	CNNVD	id:	CNNVD-202008-348	date:	2021-10-29T00:00:00
db:	NVD	id:	CVE-2020-9939	date:	2024-11-21T05:41:33.870

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-20-960	date:	2020-08-10T00:00:00
db:	VULHUB	id:	VHN-188064	date:	2020-10-22T00:00:00
db:	VULMON	id:	CVE-2020-9939	date:	2020-10-22T00:00:00
db:	JVNDB	id:	JVNDB-2020-012700	date:	2021-05-24T00:00:00
db:	CNNVD	id:	CNNVD-202008-348	date:	2020-08-10T00:00:00
db:	NVD	id:	CVE-2020-9939	date:	2020-10-22T19:15:15.527