← back
CVE-2022-22674

CVE-2022-22674

CVSS 5.5 MEDIUMEPSS 1.1%● KEVCWE-125
In short

A flaw allowed local users to read memory data that should be protected by the kernel, potentially exposing sensitive system information. This was fixed by improving how the system validates input data.

Technical detail

An out-of-bounds read vulnerability in kernel memory handling allowed local attackers to disclose kernel memory contents through improper input validation. The vulnerability requires local access and was remediated through enhanced input validation mechanisms across affected macOS versions.

Summary generated and translated by AI from the official description.
An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Monterey 12.3.1, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6. A local user may be able to read kernel memory.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected products
Apple · macOS

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://support.apple.com/en-us/HT213220https://support.apple.com/en-us/HT213255https://support.apple.com/en-us/HT213256https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22674