Lucene search

AppleCVE-2021-30676

HistorySep 08, 2021 - 3:15 p.m.

CVE-2021-30676

2021-09-0815:15:14

apple

web.nvd.nist.gov

cve-2021-30676

macos

security update

kernel memory

state management

logic issue

CVSS2

6.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:N/A:C

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

AI Score

6.6

Confidence

High

EPSS

Percentile

5.1%

JSON

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A local user may be able to cause unexpected system termination or read kernel memory.

Affected configurations

Nvd

Vulners

Node

applemac_os_xRange10.14–10.14.5

applemac_os_xRange10.15–10.15.6

applemac_os_xMatch10.14.6-

applemac_os_xMatch10.14.6security_update_2019-001

applemac_os_xMatch10.14.6security_update_2019-002

applemac_os_xMatch10.14.6security_update_2019-004

applemac_os_xMatch10.14.6security_update_2019-005

applemac_os_xMatch10.14.6security_update_2019-006

applemac_os_xMatch10.14.6security_update_2019-007

applemac_os_xMatch10.14.6security_update_2020-001

applemac_os_xMatch10.14.6security_update_2020-002

applemac_os_xMatch10.14.6security_update_2020-003

applemac_os_xMatch10.14.6security_update_2020-004

applemac_os_xMatch10.14.6security_update_2020-005

applemac_os_xMatch10.14.6security_update_2020-006

applemac_os_xMatch10.14.6security_update_2020-007

applemac_os_xMatch10.14.6security_update_2021-001

applemac_os_xMatch10.14.6security_update_2021-002

applemac_os_xMatch10.14.6security_update_2021-003

applemac_os_xMatch10.14.6supplemental_update

applemac_os_xMatch10.14.6supplemental_update_2

applemac_os_xMatch10.15.7-

applemac_os_xMatch10.15.7security_update_2020

applemac_os_xMatch10.15.7security_update_2020-001

applemac_os_xMatch10.15.7security_update_2020-005

applemac_os_xMatch10.15.7security_update_2020-007

applemac_os_xMatch10.15.7security_update_2021-001

applemac_os_xMatch10.15.7security_update_2021-002

applemac_os_xMatch10.15.7supplemental_update

applemacosRange11.0–11.4

VendorProductVersionCPE
applemac_os_x*cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
applemac_os_x10.14.6cpe:2.3:o:apple:mac_os_x:10.14.6:-:*:*:*:*:*:*
applemac_os_x10.14.6cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:*
applemac_os_x10.14.6cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:*
applemac_os_x10.14.6cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-004:*:*:*:*:*:*
applemac_os_x10.14.6cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-005:*:*:*:*:*:*
applemac_os_x10.14.6cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-006:*:*:*:*:*:*
applemac_os_x10.14.6cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-007:*:*:*:*:*:*
applemac_os_x10.14.6cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*
applemac_os_x10.14.6cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	mac_os_x	*	cpe:2.3:o:apple:mac_os_x::::::::
apple	mac_os_x	10.14.6	cpe:2.3:o:apple:mac_os_x:10.14.6:-::::::
apple	mac_os_x	10.14.6	cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-001::::::
apple	mac_os_x	10.14.6	cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002::::::
apple	mac_os_x	10.14.6	cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-004::::::
apple	mac_os_x	10.14.6	cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-005::::::
apple	mac_os_x	10.14.6	cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-006::::::
apple	mac_os_x	10.14.6	cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-007::::::
apple	mac_os_x	10.14.6	cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001::::::
apple	mac_os_x	10.14.6	cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002::::::

Rows per page:

1-10 of 291

CNA Affected

[
  {
    "product": "macOS",
    "vendor": "Apple",
    "versions": [
      {
        "lessThan": "11.4",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "macOS",
    "vendor": "Apple",
    "versions": [
      {
        "lessThan": "2021",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "macOS",
    "vendor": "Apple",
    "versions": [
      {
        "lessThan": "2021",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

support.apple.com/en-us/HT212529

support.apple.com/en-us/HT212530

support.apple.com/en-us/HT212531

CVSS2

6.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:N/A:C

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

AI Score

6.6

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVE-2021-30676