Lucene search

China National Vulnerability DatabaseCNVD-2022-71991

HistoryJul 22, 2022 - 12:00 a.m.

Apple iOS and iPadOS GPU Driver Code Injection Vulnerability

2022-07-2200:00:00

China National Vulnerability Database

www.cnvd.org.cn

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

JSON

Apple iOS and Apple iPadOS are both products of Apple, an operating system developed for mobile devices. The vulnerability is caused by a boundary error in the GPU driver when handling untrusted input, which can be exploited to execute arbitrary code with root privileges.

CPENameOperatorVersion
Apple iOSlt15.6
Apple iPadOSlt15.6
Apple tvOSlt15.6
Apple watchOSlt8.7
Apple MacOS >=12.0，lt12.5

Name	Operator	Version
Apple iOS	lt	15.6
Apple iPadOS	lt	15.6
Apple tvOS	lt	15.6
Apple watchOS	lt	8.7
Apple MacOS >=12.0，	lt	12.5

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

JSON

Related for CNVD-2022-71991