Details of VAR-202104-0160

ID

VAR-202104-0160

CVE

CVE-2020-27897

TITLE

Apple macOS AppleIntelKBLGraphics IOCTL 0x10011 Out-Of-Bounds Write Privilege Escalation Vulnerability

Trust: 0.7

sources: ZDI: ZDI-21-397

DESCRIPTION

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. An application may be able to execute arbitrary code with kernel privileges. This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the handling of IOCTL 0x1000A in the AppleIntelKBLGraphics kext. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. Apple macOS is a set of dedicated operating systems developed by Apple Corporation for Mac computers. Apple macOS security vulnerability, currently there is no information about this vulnerability, please keep an eye on CNNVD or manufacturer announcements

Trust: 11.7

sources: NVD: CVE-2020-27897 // ZDI: ZDI-21-396 // ZDI: ZDI-20-1402 // ZDI: ZDI-21-486 // ZDI: ZDI-21-379 // ZDI: ZDI-21-381 // ZDI: ZDI-21-382 // ZDI: ZDI-21-383 // ZDI: ZDI-21-384 // ZDI: ZDI-21-397 // ZDI: ZDI-21-386 // ZDI: ZDI-21-390 // ZDI: ZDI-21-391 // ZDI: ZDI-21-392 // ZDI: ZDI-21-393 // ZDI: ZDI-21-394 // ZDI: ZDI-21-395 // ZDI: ZDI-21-385 // VULHUB: VHN-372008

AFFECTED PRODUCTS

vendor:	apple	model:	macos	scope:	-	version:	-	Trust: 11.9
vendor:	apple	model:	mac os x	scope:	gte	version:	10.15	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.15.7	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.14.6	Trust: 1.0
vendor:	apple	model:	macos	scope:	lt	version:	11.1	Trust: 1.0
vendor:	apple	model:	macos	scope:	gte	version:	11.0	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lt	version:	10.15.7	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lt	version:	10.14.6	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	gte	version:	10.14	Trust: 1.0

sources: ZDI: ZDI-21-397 // ZDI: ZDI-21-396 // ZDI: ZDI-21-395 // ZDI: ZDI-21-394 // ZDI: ZDI-21-393 // ZDI: ZDI-21-392 // ZDI: ZDI-21-391 // ZDI: ZDI-21-390 // ZDI: ZDI-21-386 // ZDI: ZDI-21-385 // ZDI: ZDI-21-384 // ZDI: ZDI-21-383 // ZDI: ZDI-21-382 // ZDI: ZDI-21-381 // ZDI: ZDI-21-379 // ZDI: ZDI-21-486 // ZDI: ZDI-20-1402 // NVD: CVE-2020-27897

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI:	CVE-2020-27897
value:	HIGH
Trust: 11.9
nvd@nist.gov:	CVE-2020-27897
value:	HIGH
Trust: 1.0
VULHUB:	VHN-372008
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2020-27897
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-372008
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

ZDI:	CVE-2020-27897
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.1
impactScore:	6.0
version:	3.0
Trust: 11.9
nvd@nist.gov:	CVE-2020-27897
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0

PROBLEMTYPE DATA

problemtype:

CWE-787

Trust: 1.1

sources: VULHUB: VHN-372008 // NVD: CVE-2020-27897

PATCH

title:	Apple has issued an update to correct this vulnerability.	url:	https://support.apple.com/en-us/HT212011	Trust: 10.5
title:	Apple has issued an update to correct this vulnerability.	url:	https://support.apple.com/HT212011	Trust: 0.7

EXTERNAL IDS

db:	NVD	id:	CVE-2020-27897	Trust: 13.0
db:	ZDI	id:	ZDI-21-486	Trust: 1.8
db:	ZDI_CAN	id:	ZDI-CAN-11961	Trust: 0.7
db:	ZDI	id:	ZDI-21-397	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-11960	Trust: 0.7
db:	ZDI	id:	ZDI-21-396	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-11623	Trust: 0.7
db:	ZDI	id:	ZDI-21-395	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-11621	Trust: 0.7
db:	ZDI	id:	ZDI-21-394	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-11619	Trust: 0.7
db:	ZDI	id:	ZDI-21-393	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-11618	Trust: 0.7
db:	ZDI	id:	ZDI-21-392	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-11617	Trust: 0.7
db:	ZDI	id:	ZDI-21-391	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-11616	Trust: 0.7
db:	ZDI	id:	ZDI-21-390	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-11585	Trust: 0.7
db:	ZDI	id:	ZDI-21-386	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-11584	Trust: 0.7
db:	ZDI	id:	ZDI-21-385	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-11496	Trust: 0.7
db:	ZDI	id:	ZDI-21-384	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-11494	Trust: 0.7
db:	ZDI	id:	ZDI-21-383	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-11493	Trust: 0.7
db:	ZDI	id:	ZDI-21-382	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-11473	Trust: 0.7
db:	ZDI	id:	ZDI-21-381	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-11470	Trust: 0.7
db:	ZDI	id:	ZDI-21-379	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-11959	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-11208	Trust: 0.7
db:	ZDI	id:	ZDI-20-1402	Trust: 0.7
db:	PACKETSTORM	id:	160538	Trust: 0.1
db:	VULHUB	id:	VHN-372008	Trust: 0.1

REFERENCES

url:	https://support.apple.com/en-us/ht212011	Trust: 11.6
url:	https://www.zerodayinitiative.com/advisories/zdi-21-486/	Trust: 1.1
url:	https://support.apple.com/en-us/ht211931	Trust: 1.1
url:	https://support.apple.com/ht212011	Trust: 0.7

CREDITS

ABC Research s.r.o.

Trust: 11.9

SOURCES

db:	ZDI	id:	ZDI-21-397
db:	ZDI	id:	ZDI-21-396
db:	ZDI	id:	ZDI-21-395
db:	ZDI	id:	ZDI-21-394
db:	ZDI	id:	ZDI-21-393
db:	ZDI	id:	ZDI-21-392
db:	ZDI	id:	ZDI-21-391
db:	ZDI	id:	ZDI-21-390
db:	ZDI	id:	ZDI-21-386
db:	ZDI	id:	ZDI-21-385
db:	ZDI	id:	ZDI-21-384
db:	ZDI	id:	ZDI-21-383
db:	ZDI	id:	ZDI-21-382
db:	ZDI	id:	ZDI-21-381
db:	ZDI	id:	ZDI-21-379
db:	ZDI	id:	ZDI-21-486
db:	ZDI	id:	ZDI-20-1402
db:	VULHUB	id:	VHN-372008
db:	NVD	id:	CVE-2020-27897

LAST UPDATE DATE

2024-12-10T19:59:45.120000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-21-397	date:	2021-03-30T00:00:00
db:	ZDI	id:	ZDI-21-396	date:	2021-03-30T00:00:00
db:	ZDI	id:	ZDI-21-395	date:	2021-03-30T00:00:00
db:	ZDI	id:	ZDI-21-394	date:	2021-03-30T00:00:00
db:	ZDI	id:	ZDI-21-393	date:	2021-03-30T00:00:00
db:	ZDI	id:	ZDI-21-392	date:	2021-03-30T00:00:00
db:	ZDI	id:	ZDI-21-391	date:	2021-03-30T00:00:00
db:	ZDI	id:	ZDI-21-390	date:	2021-03-30T00:00:00
db:	ZDI	id:	ZDI-21-386	date:	2021-03-30T00:00:00
db:	ZDI	id:	ZDI-21-385	date:	2021-03-30T00:00:00
db:	ZDI	id:	ZDI-21-384	date:	2021-03-30T00:00:00
db:	ZDI	id:	ZDI-21-383	date:	2021-03-30T00:00:00
db:	ZDI	id:	ZDI-21-382	date:	2021-03-30T00:00:00
db:	ZDI	id:	ZDI-21-381	date:	2021-03-30T00:00:00
db:	ZDI	id:	ZDI-21-379	date:	2021-03-30T00:00:00
db:	ZDI	id:	ZDI-21-486	date:	2021-04-28T00:00:00
db:	ZDI	id:	ZDI-20-1402	date:	2020-12-08T00:00:00
db:	VULHUB	id:	VHN-372008	date:	2021-05-04T00:00:00
db:	NVD	id:	CVE-2020-27897	date:	2024-11-21T05:22:00.443

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-21-397	date:	2021-03-30T00:00:00
db:	ZDI	id:	ZDI-21-396	date:	2021-03-30T00:00:00
db:	ZDI	id:	ZDI-21-395	date:	2021-03-30T00:00:00
db:	ZDI	id:	ZDI-21-394	date:	2021-03-30T00:00:00
db:	ZDI	id:	ZDI-21-393	date:	2021-03-30T00:00:00
db:	ZDI	id:	ZDI-21-392	date:	2021-03-30T00:00:00
db:	ZDI	id:	ZDI-21-391	date:	2021-03-30T00:00:00
db:	ZDI	id:	ZDI-21-390	date:	2021-03-30T00:00:00
db:	ZDI	id:	ZDI-21-386	date:	2021-03-30T00:00:00
db:	ZDI	id:	ZDI-21-385	date:	2021-03-30T00:00:00
db:	ZDI	id:	ZDI-21-384	date:	2021-03-30T00:00:00
db:	ZDI	id:	ZDI-21-383	date:	2021-03-30T00:00:00
db:	ZDI	id:	ZDI-21-382	date:	2021-03-30T00:00:00
db:	ZDI	id:	ZDI-21-381	date:	2021-03-30T00:00:00
db:	ZDI	id:	ZDI-21-379	date:	2021-03-30T00:00:00
db:	ZDI	id:	ZDI-21-486	date:	2021-04-28T00:00:00
db:	ZDI	id:	ZDI-20-1402	date:	2020-12-08T00:00:00
db:	VULHUB	id:	VHN-372008	date:	2021-04-02T00:00:00
db:	NVD	id:	CVE-2020-27897	date:	2021-04-02T18:15:15.090