ID

VAR-202109-1334


CVE

CVE-2021-30719


TITLE

Apple macOS AppleIntelKBLGraphics IOCTL 0x20006 Out-Of-Bounds Read Information Disclosure Vulnerability

Trust: 0.7

sources: ZDI: ZDI-21-770

DESCRIPTION

A local user may be able to cause unexpected system termination or read kernel memory. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina. An out-of-bounds read issue was addressed by removing the vulnerable code.

This vulnerability allows local attackers to disclose sensitive information on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of IOCTL 0x20006 in the AppleIntelKBLGraphics kext. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute code in the context of the kernel.

Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements.

A buffer error vulnerability exists in macOS Big Sur because a local user can run a specially crafted program to trigger an out-of-bounds read error and read the contents of kernel memory on the system. Affected versions: macOS: 11.0 20A2411, 11.0.1 20B29, 11.0.1 20B50, 11.1 20C69, 11.2 20D64, 11.2.1 20D74, 11.2.1 20D75, 11.2.2 20D80, 11.2.3 20D91, 1E2.3, 20D91, 11.2.3, 20D74 20E241

Trust: 2.25

sources: NVD: CVE-2021-30719 // ZDI: ZDI-21-770 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-390452 // VULMON: CVE-2021-30719

AFFECTED PRODUCTS

vendor: apple // model: mac os x // scope: lte // version: 10.15.6

Trust: 1.0

vendor: apple // model: mac os x // scope: gte // version: 10.15

Trust: 1.0

vendor: apple // model: mac os x // scope: eq // version: 10.15.7

Trust: 1.0

vendor: apple // model: macos // scope: gte // version: 11.0

Trust: 1.0

vendor: apple // model: macos // scope: lt // version: 11.4

Trust: 1.0

vendor: apple // model: macos // scope: - // version: -

Trust: 0.7

sources: ZDI: ZDI-21-770 // NVD: CVE-2021-30719

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-30719
value: HIGH

Trust: 1.0

ZDI: CVE-2021-30719
value: MEDIUM

Trust: 0.7

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202105-1449
value: HIGH

Trust: 0.6

VULHUB: VHN-390452
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-30719
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-30719
severity: MEDIUM
baseScore: 6.6
vectorString: AV:L/AC:L/AU:N/C:C/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-390452
severity: MEDIUM
baseScore: 6.6
vectorString: AV:L/AC:L/AU:N/C:C/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-30719
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.2
version: 3.1

Trust: 1.0

ZDI: CVE-2021-30719
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.0
impactScore: 4.0
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-21-770 // VULHUB: VHN-390452 // VULMON: CVE-2021-30719 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-1449 // NVD: CVE-2021-30719

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.1

sources: VULHUB: VHN-390452 // NVD: CVE-2021-30719

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202105-1449

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title: Apple has issued an update to correct this vulnerability. // url: https://support.apple.com/HT212529

Trust: 0.7

title: Apple macOS Big Sur Buffer error vulnerability fix // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=151642

Trust: 0.6

sources: ZDI: ZDI-21-770 // CNNVD: CNNVD-202105-1449

EXTERNAL IDS

db: NVD // id: CVE-2021-30719

Trust: 2.5

db: ZDI // id: ZDI-21-770

Trust: 1.4

db: ZDI_CAN // id: ZDI-CAN-13160

Trust: 0.7

db: CS-HELP // id: SB2021041363

Trust: 0.6

db: CNNVD // id: CNNVD-202104-975

Trust: 0.6

db: AUSCERT // id: ESB-2021.1794

Trust: 0.6

db: CS-HELP // id: SB2021052415

Trust: 0.6

db: CNNVD // id: CNNVD-202105-1449

Trust: 0.6

db: VULHUB // id: VHN-390452

Trust: 0.1

db: VULMON // id: CVE-2021-30719

Trust: 0.1

sources: ZDI: ZDI-21-770 // VULHUB: VHN-390452 // VULMON: CVE-2021-30719 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-1449 // NVD: CVE-2021-30719

REFERENCES

url:https://support.apple.com/en-us/ht212529

Trust: 1.8

url:https://support.apple.com/en-us/ht212530

Trust: 1.8

url:https://support.apple.com/ht212529

Trust: 0.7

url:https://www.zerodayinitiative.com/advisories/zdi-21-770/

Trust: 0.7

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-30719

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021052415

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1794

Trust: 0.6

url:https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-35514

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/125.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: ZDI: ZDI-21-770 // VULHUB: VHN-390452 // VULMON: CVE-2021-30719 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-1449 // NVD: CVE-2021-30719

CREDITS

Anonymous

Trust: 1.3

sources: ZDI: ZDI-21-770 // CNNVD: CNNVD-202105-1449

SOURCES

db: ZDI // id: ZDI-21-770
db: VULHUB // id: VHN-390452
db: VULMON // id: CVE-2021-30719
db: CNNVD // id: CNNVD-202104-975
db: CNNVD // id: CNNVD-202105-1449
db: NVD // id: CVE-2021-30719

LAST UPDATE DATE

2024-08-14T12:51:45.959000+00:00


SOURCES UPDATE DATE

db: ZDI // id: ZDI-21-770 // date: 2021-06-25T00:00:00
db: VULHUB // id: VHN-390452 // date: 2021-09-16T00:00:00
db: VULMON // id: CVE-2021-30719 // date: 2021-09-16T00:00:00
db: CNNVD // id: CNNVD-202104-975 // date: 2021-04-14T00:00:00
db: CNNVD // id: CNNVD-202105-1449 // date: 2021-09-18T00:00:00
db: NVD // id: CVE-2021-30719 // date: 2021-09-16T15:02:09.817

SOURCES RELEASE DATE

db: ZDI // id: ZDI-21-770 // date: 2021-06-25T00:00:00
db: VULHUB // id: VHN-390452 // date: 2021-09-08T00:00:00
db: VULMON // id: CVE-2021-30719 // date: 2021-09-08T00:00:00
db: CNNVD // id: CNNVD-202104-975 // date: 2021-04-13T00:00:00
db: CNNVD // id: CNNVD-202105-1449 // date: 2021-05-24T00:00:00
db: NVD // id: CVE-2021-30719 // date: 2021-09-08T15:15:16.183