Vulnerability Name:

CVE-2020-27897 (CCN-192818)

Assigned:2020-12-08
Published:2020-12-08
Updated:2021-05-04
Summary:An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. An application may be able to execute arbitrary code with kernel privileges.
CVSS v3 Severity:7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
7.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H)
6.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): High
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
6.0 Medium (CCN CVSS v2 Vector: AV:L/AC:H/Au:S/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): High
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-787
Vulnerability Consequences:Gain Privileges
References:Source: MITRE
Type: CNA
CVE-2020-27897

Source: XF
Type: UNKNOWN
apple-cve202027897-priv-esc(192818)

Source: MISC
Type: Vendor Advisory
https://support.apple.com/en-us/HT211931

Source: CCN
Type: Apple security document HT212011
About the security content of macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave

Source: MISC
Type: Vendor Advisory
https://support.apple.com/en-us/HT212011

Source: CCN
Type: Apple Web site
Apple

Source: CCN
Type: ZDI-20-1401
Apple macOS Kernel Command 0x10005 Out-Of-Bounds Write Privilege Escalation Vulnerability

Source: CCN
Type: ZDI-20-1402
Apple macOS Kernel Command 0x10006 Out-Of-Bounds Write Privilege Escalation Vulnerability

Source: CCN
Type: ZDI-20-1403
Apple macOS Kernel Command 0x10007 Out-Of-Bounds Write Privilege Escalation Vulnerability

Source: CCN
Type: ZDI-21-378
Apple macOS AppleIntelKBLGraphics IOCTL 0x10004 Out-Of-Bounds Write Privilege Escalation Vulnerability

Source: CCN
Type: ZDI-21-379
Apple macOS AppleIntelKBLGraphics IOCTL 0x20001 Out-Of-Bounds Write Privilege Escalation Vulnerability

Source: CCN
Type: ZDI-21-380
Apple macOS AppleIntelKBLGraphics IOCTL 0x1000D Out-Of-Bounds Write Privilege Escalation Vulnerability

Source: CCN
Type: ZDI-21-381
Apple macOS AppleIntelKBLGraphics IOCTL 0x10009 Out-Of-Bounds Write Privilege Escalation Vulnerability

Source: CCN
Type: ZDI-21-382
Apple macOS AppleIntelKBLGraphics IOCTL 0x30003 Out-Of-Bounds Write Privilege Escalation Vulnerability

Source: CCN
Type: ZDI-21-383
Apple macOS AppleIntelKBLGraphics IOCTL 0x1000E Out-Of-Bounds Write Privilege Escalation Vulnerability

Source: CCN
Type: ZDI-21-384
Apple macOS AppleIntelKBLGraphics IOCTL 0x30004 Out-Of-Bounds Write Privilege Escalation Vulnerability

Source: CCN
Type: ZDI-21-385
Apple macOS AppleIntelKBLGraphics IOCTL 0x1000B Out-Of-Bounds Write Privilege Escalation Vulnerability

Source: CCN
Type: ZDI-21-386
Apple macOS AppleIntelKBLGraphics IOCTL 0x1000A Out-Of-Bounds Write Privilege Escalation Vulnerability

Source: CCN
Type: ZDI-21-387
Apple macOS AppleIntelKBLGraphics IOCTL 0x1000C Out-Of-Bounds Write Privilege Escalation Vulnerability

Source: CCN
Type: ZDI-21-388
Apple macOS AppleIntelKBLGraphics IOCTL 0x10008 Out-Of-Bounds Write Privilege Escalation Vulnerability

Source: CCN
Type: ZDI-21-390
Apple macOS AppleIntelKBLGraphics IOCTL 0x10014 Out-Of-Bounds Write Privilege Escalation Vulnerability

Source: CCN
Type: ZDI-21-391
Apple macOS AppleIntelKBLGraphics IOCTL 0x10010 Out-Of-Bounds Write Privilege Escalation Vulnerability

Source: CCN
Type: ZDI-21-392
Apple macOS AppleIntelKBLGraphics IOCTL 0x1000F Out-Of-Bounds Write Privilege Escalation Vulnerability

Source: CCN
Type: ZDI-21-393
Apple macOS AppleIntelKBLGraphics IOCTL 0x10013 Out-Of-Bounds Write Privilege Escalation Vulnerability

Source: CCN
Type: ZDI-21-394
Apple macOS AppleIntelKBLGraphics IOCTL 0x10012 Out-Of-Bounds Write Privilege Escalation Vulnerability

Source: CCN
Type: ZDI-21-395
Apple macOS AppleIntelKBLGraphics IOCTL 0x10015 Out-Of-Bounds Write Privilege Escalation Vulnerability

Source: CCN
Type: ZDI-21-396
Apple macOS AppleIntelKBLGraphics IOCTL 0x30000 Out-Of-Bounds Write Privilege Escalation Vulnerability

Source: CCN
Type: ZDI-21-397
Apple macOS AppleIntelKBLGraphics IOCTL 0x10011 Out-Of-Bounds Write Privilege Escalation Vulnerability

Source: CCN
Type: ZDI-21-486
Apple macOS AppleIntelKBLGraphics IOCTL 0x10003 Out-Of-Bounds Write Privilege Escalation Vulnerability

Source: MISC
Type: Third Party Advisory, VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-21-486/

Vulnerable Configuration:Configuration 1:
  • cpe:/o:apple:mac_os_x:*:*:*:*:*:*:*:* (Version >= 10.14 and < 10.14.6)
  • OR cpe:/o:apple:mac_os_x:10.14.6:-:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.14.6:security_update_2020-003:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.14.6:security_update_2020-004:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.14.6:security_update_2020-005:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.14.6:security_update_2020-006:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.14.6:supplemental_update:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.14.6:supplemental_update_2:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:*:*:*:*:*:*:*:* (Version >= 10.15 and < 10.15.7)
  • OR cpe:/o:apple:mac_os_x:10.15.7:supplemental_update:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*
  • OR cpe:/o:apple:macos:*:*:*:*:*:*:*:* (Version >= 11.0 and < 11.1)

    • Configuration CCN 1:
  • cpe:/o:apple:macos_big_sur:11.0.0:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    apple mac os x *
    apple mac os x 10.14.6 -
    apple mac os x 10.14.6 security_update_2019-001
    apple mac os x 10.14.6 security_update_2019-002
    apple mac os x 10.14.6 security_update_2020-001
    apple mac os x 10.14.6 security_update_2020-002
    apple mac os x 10.14.6 security_update_2020-003
    apple mac os x 10.14.6 security_update_2020-004
    apple mac os x 10.14.6 security_update_2020-005
    apple mac os x 10.14.6 security_update_2020-006
    apple mac os x 10.14.6 supplemental_update
    apple mac os x 10.14.6 supplemental_update_2
    apple mac os x *
    apple mac os x 10.15.7 supplemental_update
    apple mac os x 10.15.7 -
    apple macos *
    apple macos big sur 11.0.0