Details of VAR-202104-0160

ID

VAR-202104-0160

CVE

CVE-2020-27897

TITLE

Apple macOS AppleIntelKBLGraphics IOCTL 0x10011 Out-Of-Bounds Write Privilege Escalation Vulnerability

Trust: 0.7

sources: ZDI: ZDI-21-397

DESCRIPTION

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. An application may be able to execute arbitrary code with kernel privileges. This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the handling of IOCTL 0x1000A in the AppleIntelKBLGraphics kext. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. Apple macOS is a set of dedicated operating systems developed by Apple Corporation for Mac computers. Apple macOS security vulnerability, currently there is no information about this vulnerability, please keep an eye on CNNVD or manufacturer announcements

Trust: 10.53

sources: NVD: CVE-2020-27897 // ZDI: ZDI-21-386 // ZDI: ZDI-20-1401 // ZDI: ZDI-20-1402 // ZDI: ZDI-20-1403 // ZDI: ZDI-21-379 // ZDI: ZDI-21-382 // ZDI: ZDI-21-396 // ZDI: ZDI-21-397 // ZDI: ZDI-21-388 // ZDI: ZDI-21-391 // ZDI: ZDI-21-392 // ZDI: ZDI-21-393 // ZDI: ZDI-21-394 // ZDI: ZDI-21-395 // ZDI: ZDI-21-383 // VULHUB: VHN-372008 // VULMON: CVE-2020-27897

AFFECTED PRODUCTS

vendor:	apple	model:	macos	scope:	-	version:	-	Trust: 10.5
vendor:	apple	model:	mac os x	scope:	gte	version:	10.15	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.15.7	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.14.6	Trust: 1.0
vendor:	apple	model:	macos	scope:	lt	version:	11.1	Trust: 1.0
vendor:	apple	model:	macos	scope:	gte	version:	11.0	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lt	version:	10.15.7	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lt	version:	10.14.6	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	gte	version:	10.14	Trust: 1.0

sources: ZDI: ZDI-21-397 // ZDI: ZDI-21-396 // ZDI: ZDI-21-395 // ZDI: ZDI-21-394 // ZDI: ZDI-21-393 // ZDI: ZDI-21-392 // ZDI: ZDI-21-391 // ZDI: ZDI-21-388 // ZDI: ZDI-21-386 // ZDI: ZDI-21-383 // ZDI: ZDI-21-382 // ZDI: ZDI-21-379 // ZDI: ZDI-20-1403 // ZDI: ZDI-20-1402 // ZDI: ZDI-20-1401 // NVD: CVE-2020-27897

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI:	CVE-2020-27897
value:	HIGH
Trust: 10.5
nvd@nist.gov:	CVE-2020-27897
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-202012-1065
value:	HIGH
Trust: 0.6
VULHUB:	VHN-372008
value:	HIGH
Trust: 0.1
VULMON:	CVE-2020-27897
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2020-27897
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-372008
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

ZDI:	CVE-2020-27897
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.1
impactScore:	6.0
version:	3.0
Trust: 10.5
nvd@nist.gov:	CVE-2020-27897
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0

PROBLEMTYPE DATA

problemtype:

CWE-787

Trust: 1.1

sources: VULHUB: VHN-372008 // NVD: CVE-2020-27897

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202012-1065

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202012-1065

PATCH

title:	Apple has issued an update to correct this vulnerability.	url:	https://support.apple.com/en-us/HT212011	Trust: 8.4
title:	Apple macOS Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=137019	Trust: 0.6
title:	Apple: macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=60a51a6d3f600c46241622f208f75bff	Trust: 0.1
title:	macOS-iOS-system-security	url:	https://github.com/houjingyi233/macOS-iOS-system-security	Trust: 0.1
title:	sec-daily-2020	url:	https://github.com/alphaSeclab/sec-daily-2020	Trust: 0.1

sources: ZDI: ZDI-21-397 // ZDI: ZDI-21-396 // ZDI: ZDI-21-395 // ZDI: ZDI-21-394 // ZDI: ZDI-21-393 // ZDI: ZDI-21-392 // ZDI: ZDI-21-391 // ZDI: ZDI-21-388 // ZDI: ZDI-21-386 // ZDI: ZDI-21-383 // ZDI: ZDI-21-382 // ZDI: ZDI-21-379 // VULMON: CVE-2020-27897 // CNNVD: CNNVD-202012-1065

EXTERNAL IDS

db:	NVD	id:	CVE-2020-27897	Trust: 12.3
db:	ZDI	id:	ZDI-21-486	Trust: 1.7
db:	ZDI	id:	ZDI-21-397	Trust: 1.3
db:	ZDI_CAN	id:	ZDI-CAN-11961	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-11960	Trust: 0.7
db:	ZDI	id:	ZDI-21-396	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-11623	Trust: 0.7
db:	ZDI	id:	ZDI-21-395	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-11621	Trust: 0.7
db:	ZDI	id:	ZDI-21-394	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-11619	Trust: 0.7
db:	ZDI	id:	ZDI-21-393	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-11618	Trust: 0.7
db:	ZDI	id:	ZDI-21-392	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-11617	Trust: 0.7
db:	ZDI	id:	ZDI-21-391	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-11587	Trust: 0.7
db:	ZDI	id:	ZDI-21-388	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-11585	Trust: 0.7
db:	ZDI	id:	ZDI-21-386	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-11494	Trust: 0.7
db:	ZDI	id:	ZDI-21-383	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-11493	Trust: 0.7
db:	ZDI	id:	ZDI-21-382	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-11470	Trust: 0.7
db:	ZDI	id:	ZDI-21-379	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-11209	Trust: 0.7
db:	ZDI	id:	ZDI-20-1403	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-11208	Trust: 0.7
db:	ZDI	id:	ZDI-20-1402	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-11207	Trust: 0.7
db:	ZDI	id:	ZDI-20-1401	Trust: 0.7
db:	PACKETSTORM	id:	160538	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.4060.2	Trust: 0.6
db:	CNNVD	id:	CNNVD-202012-1065	Trust: 0.6
db:	VULHUB	id:	VHN-372008	Trust: 0.1
db:	VULMON	id:	CVE-2020-27897	Trust: 0.1

REFERENCES

url:	https://support.apple.com/en-us/ht212011	Trust: 10.1
url:	https://www.zerodayinitiative.com/advisories/zdi-21-486/	Trust: 2.3
url:	https://support.apple.com/en-us/ht211931	Trust: 1.7
url:	https://www.zerodayinitiative.com/advisories/zdi-21-397/	Trust: 0.6
url:	https://packetstormsecurity.com/files/160538/apple-security-advisory-2020-12-14-3.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.4060.2/	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-27897	Trust: 0.6

sources: ZDI: ZDI-21-397 // ZDI: ZDI-21-396 // ZDI: ZDI-21-395 // ZDI: ZDI-21-394 // ZDI: ZDI-21-393 // ZDI: ZDI-21-392 // ZDI: ZDI-21-391 // ZDI: ZDI-21-388 // ZDI: ZDI-21-386 // ZDI: ZDI-21-383 // ZDI: ZDI-21-382 // ZDI: ZDI-21-379 // VULHUB: VHN-372008 // CNNVD: CNNVD-202012-1065 // NVD: CVE-2020-27897

CREDITS

ABC Research s.r.o.

Trust: 10.5

SOURCES

db:	ZDI	id:	ZDI-21-397
db:	ZDI	id:	ZDI-21-396
db:	ZDI	id:	ZDI-21-395
db:	ZDI	id:	ZDI-21-394
db:	ZDI	id:	ZDI-21-393
db:	ZDI	id:	ZDI-21-392
db:	ZDI	id:	ZDI-21-391
db:	ZDI	id:	ZDI-21-388
db:	ZDI	id:	ZDI-21-386
db:	ZDI	id:	ZDI-21-383
db:	ZDI	id:	ZDI-21-382
db:	ZDI	id:	ZDI-21-379
db:	ZDI	id:	ZDI-20-1403
db:	ZDI	id:	ZDI-20-1402
db:	ZDI	id:	ZDI-20-1401
db:	VULHUB	id:	VHN-372008
db:	VULMON	id:	CVE-2020-27897
db:	CNNVD	id:	CNNVD-202012-1065
db:	NVD	id:	CVE-2020-27897

LAST UPDATE DATE

2025-02-18T22:52:46.840000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-21-397	date:	2021-03-30T00:00:00
db:	ZDI	id:	ZDI-21-396	date:	2021-03-30T00:00:00
db:	ZDI	id:	ZDI-21-395	date:	2021-03-30T00:00:00
db:	ZDI	id:	ZDI-21-394	date:	2021-03-30T00:00:00
db:	ZDI	id:	ZDI-21-393	date:	2021-03-30T00:00:00
db:	ZDI	id:	ZDI-21-392	date:	2021-03-30T00:00:00
db:	ZDI	id:	ZDI-21-391	date:	2021-03-30T00:00:00
db:	ZDI	id:	ZDI-21-388	date:	2021-03-30T00:00:00
db:	ZDI	id:	ZDI-21-386	date:	2021-03-30T00:00:00
db:	ZDI	id:	ZDI-21-383	date:	2021-03-30T00:00:00
db:	ZDI	id:	ZDI-21-382	date:	2021-03-30T00:00:00
db:	ZDI	id:	ZDI-21-379	date:	2021-03-30T00:00:00
db:	ZDI	id:	ZDI-20-1403	date:	2020-12-08T00:00:00
db:	ZDI	id:	ZDI-20-1402	date:	2020-12-08T00:00:00
db:	ZDI	id:	ZDI-20-1401	date:	2020-12-08T00:00:00
db:	VULHUB	id:	VHN-372008	date:	2021-05-04T00:00:00
db:	VULMON	id:	CVE-2020-27897	date:	2021-05-04T00:00:00
db:	CNNVD	id:	CNNVD-202012-1065	date:	2021-05-06T00:00:00
db:	NVD	id:	CVE-2020-27897	date:	2024-11-21T05:22:00.443

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-21-397	date:	2021-03-30T00:00:00
db:	ZDI	id:	ZDI-21-396	date:	2021-03-30T00:00:00
db:	ZDI	id:	ZDI-21-395	date:	2021-03-30T00:00:00
db:	ZDI	id:	ZDI-21-394	date:	2021-03-30T00:00:00
db:	ZDI	id:	ZDI-21-393	date:	2021-03-30T00:00:00
db:	ZDI	id:	ZDI-21-392	date:	2021-03-30T00:00:00
db:	ZDI	id:	ZDI-21-391	date:	2021-03-30T00:00:00
db:	ZDI	id:	ZDI-21-388	date:	2021-03-30T00:00:00
db:	ZDI	id:	ZDI-21-386	date:	2021-03-30T00:00:00
db:	ZDI	id:	ZDI-21-383	date:	2021-03-30T00:00:00
db:	ZDI	id:	ZDI-21-382	date:	2021-03-30T00:00:00
db:	ZDI	id:	ZDI-21-379	date:	2021-03-30T00:00:00
db:	ZDI	id:	ZDI-20-1403	date:	2020-12-08T00:00:00
db:	ZDI	id:	ZDI-20-1402	date:	2020-12-08T00:00:00
db:	ZDI	id:	ZDI-20-1401	date:	2020-12-08T00:00:00
db:	VULHUB	id:	VHN-372008	date:	2021-04-02T00:00:00
db:	VULMON	id:	CVE-2020-27897	date:	2021-04-02T00:00:00
db:	CNNVD	id:	CNNVD-202012-1065	date:	2020-12-15T00:00:00
db:	NVD	id:	CVE-2020-27897	date:	2021-04-02T18:15:15.090