ID

VAR-202104-0155


CVE

CVE-2020-27947


TITLE

Apple macOS process_token_AVCDecode Out-Of-Bounds Write Privilege Escalation Vulnerability

Trust: 0.7

sources: ZDI: ZDI-21-377

DESCRIPTION

A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. An application may be able to execute arbitrary code with kernel privileges. This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the AppleIntelKBLGraphics kext. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. Apple macOS could allow a local malicious user to gain elevated privileges on the system, caused by a memory corruption issue in the Graphics Drivers component.

Trust: 1.71

sources: NVD: CVE-2020-27947 // ZDI: ZDI-21-377 // VULHUB: VHN-372058 // VULMON: CVE-2020-27947

AFFECTED PRODUCTS

vendor: apple | model: mac os x | scope: gte | version: 10.15

Trust: 1.0

vendor: apple | model: macos | scope: lt | version: 11.1.0

Trust: 1.0

vendor: apple | model: mac os x | scope: eq | version: 10.15.7

Trust: 1.0

vendor: apple | model: mac os x | scope: eq | version: 10.14.6

Trust: 1.0

vendor: apple | model: macos | scope: gte | version: 11.0

Trust: 1.0

vendor: apple | model: mac os x | scope: lt | version: 10.15.7

Trust: 1.0

vendor: apple | model: mac os x | scope: lt | version: 10.14.6

Trust: 1.0

vendor: apple | model: mac os x | scope: gte | version: 10.14

Trust: 1.0

vendor: apple | model: macos | scope: - | version: -

Trust: 0.7

sources: ZDI: ZDI-21-377 // NVD: CVE-2020-27947

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-27947
value: HIGH

Trust: 1.0

ZDI: CVE-2020-27947
value: HIGH

Trust: 0.7

CNNVD: CNNVD-202012-1049
value: HIGH

Trust: 0.6

VULHUB: VHN-372058
value: HIGH

Trust: 0.1

VULMON: CVE-2020-27947
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-27947
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-372058
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-27947
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

ZDI: CVE-2020-27947
baseSeverity: HIGH
baseScore: 7.8
vectorString: AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.1
impactScore: 6.0
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-21-377 // VULHUB: VHN-372058 // VULMON: CVE-2020-27947 // CNNVD: CNNVD-202012-1049 // NVD: CVE-2020-27947

PROBLEMTYPE DATA

problemtype: CWE-787

Trust: 1.1

problemtype: CWE-119

Trust: 0.1

sources: VULHUB: VHN-372058 // NVD: CVE-2020-27947

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202012-1049

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202012-1049

PATCH

title: Apple has issued an update to correct this vulnerability. | url: https://support.apple.com/en-us/HT212011

Trust: 0.7

title: Apple macOS Security vulnerabilities | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=137005

Trust: 0.6

title: Apple: macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave | url: https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=60a51a6d3f600c46241622f208f75bff

Trust: 0.1

sources: ZDI: ZDI-21-377 // VULMON: CVE-2020-27947 // CNNVD: CNNVD-202012-1049

EXTERNAL IDS

db: NVD | id: CVE-2020-27947

Trust: 2.5

db: ZDI | id: ZDI-21-377

Trust: 1.3

db: ZDI_CAN | id: ZDI-CAN-11468

Trust: 0.7

db: AUSCERT | id: ESB-2020.4404

Trust: 0.6

db: CNNVD | id: CNNVD-202012-1049

Trust: 0.6

db: VULHUB | id: VHN-372058

Trust: 0.1

db: VULMON | id: CVE-2020-27947

Trust: 0.1

sources: ZDI: ZDI-21-377 // VULHUB: VHN-372058 // VULMON: CVE-2020-27947 // CNNVD: CNNVD-202012-1049 // NVD: CVE-2020-27947

REFERENCES

url:https://support.apple.com/en-us/ht212011

Trust: 2.5

url:https://www.zerodayinitiative.com/advisories/zdi-21-377/

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-27947

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.4404/

Trust: 0.6

url:https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-34108

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/119.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/193096

Trust: 0.1

sources: ZDI: ZDI-21-377 // VULHUB: VHN-372058 // VULMON: CVE-2020-27947 // CNNVD: CNNVD-202012-1049 // NVD: CVE-2020-27947

CREDITS

ABC Research s.r.o.

Trust: 0.7

sources: ZDI: ZDI-21-377

SOURCES

db: ZDI | id: ZDI-21-377
db: VULHUB | id: VHN-372058
db: VULMON | id: CVE-2020-27947
db: CNNVD | id: CNNVD-202012-1049
db: NVD | id: CVE-2020-27947

LAST UPDATE DATE

2024-11-23T20:51:35.152000+00:00


SOURCES UPDATE DATE

db: ZDI | id: ZDI-21-377 | date: 2021-03-30T00:00:00
db: VULHUB | id: VHN-372058 | date: 2022-06-28T00:00:00
db: VULMON | id: CVE-2020-27947 | date: 2021-04-08T00:00:00
db: CNNVD | id: CNNVD-202012-1049 | date: 2021-04-20T00:00:00
db: NVD | id: CVE-2020-27947 | date: 2024-11-21T05:22:06.310

SOURCES RELEASE DATE

db: ZDI | id: ZDI-21-377 | date: 2021-03-30T00:00:00
db: VULHUB | id: VHN-372058 | date: 2021-04-02T00:00:00
db: VULMON | id: CVE-2020-27947 | date: 2021-04-02T00:00:00
db: CNNVD | id: CNNVD-202012-1049 | date: 2020-12-15T00:00:00
db: NVD | id: CVE-2020-27947 | date: 2021-04-02T18:15:16.763