ID

VAR-202207-1484


CVE

CVE-2022-32844


TITLE

Race condition vulnerability in multiple Apple products

Trust: 0.8

sources: JVNDB: JVNDB-2022-020129

DESCRIPTION

A race condition was addressed with improved state handling. This issue is fixed in tvOS 15.6, watchOS 8.7, iOS 15.6 and iPadOS 15.6. An app with arbitrary kernel read and write capability may be able to bypass Pointer Authentication. Race condition vulnerabilities exist in multiple Apple products (iPadOS, iOS, tvOS). Information may be obtained and information may be tampered with.

Trust: 1.8

sources: NVD: CVE-2022-32844 // JVNDB: JVNDB-2022-020129 // VULHUB: VHN-424933 // VULMON: CVE-2022-32844

AFFECTED PRODUCTS

vendor: apple, model: watchos, scope: lt, version: 8.7

Trust: 1.0

vendor: apple, model: ipados, scope: lt, version: 15.6

Trust: 1.0

vendor: apple, model: tvos, scope: lt, version: 15.6

Trust: 1.0

vendor: apple, model: iphone os, scope: lt, version: 15.6

Trust: 1.0

vendor: Apple, model: ipados, scope: -, version: -

Trust: 0.8

vendor: Apple, model: watchos, scope: eq, version: 8.7

Trust: 0.8

vendor: Apple, model: ios, scope: -, version: -

Trust: 0.8

vendor: Apple, model: tvos, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-020129 // NVD: CVE-2022-32844

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-32844
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-32844
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202207-2081
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2022-32844
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.0
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2022-32844
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-020129 // CNNVD: CNNVD-202207-2081 // NVD: CVE-2022-32844

PROBLEMTYPE DATA

problemtype: CWE-362

Trust: 1.0

problemtype: Race condition (CWE-362) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2022-020129 // NVD: CVE-2022-32844

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202207-2081

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202207-2081

PATCH

title: HT213342 Apple Security update
url: https://support.apple.com/en-us/HT213340

Trust: 0.8

title: Apple iOS and iPadOS Remediation measures for authorization problem vulnerabilities
url: http://123.124.177.30/web/xxk/bdxqById.tag?id=200838

Trust: 0.6

title: Apple: iOS 15.6 and iPadOS 15.6
url: https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=25de7f37f4830a629a57f79175aeaa2a

Trust: 0.1

sources: VULMON: CVE-2022-32844 // JVNDB: JVNDB-2022-020129 // CNNVD: CNNVD-202207-2081

EXTERNAL IDS

db: NVD, id: CVE-2022-32844

Trust: 3.4

db: JVNDB, id: JVNDB-2022-020129

Trust: 0.8

db: AUSCERT, id: ESB-2022.3563

Trust: 0.6

db: CS-HELP, id: SB2022072107

Trust: 0.6

db: CNNVD, id: CNNVD-202207-2081

Trust: 0.6

db: VULHUB, id: VHN-424933

Trust: 0.1

db: VULMON, id: CVE-2022-32844

Trust: 0.1

sources: VULHUB: VHN-424933 // VULMON: CVE-2022-32844 // JVNDB: JVNDB-2022-020129 // CNNVD: CNNVD-202207-2081 // NVD: CVE-2022-32844

REFERENCES

url: https://support.apple.com/en-us/ht213346

Trust: 2.3

url: https://support.apple.com/en-us/ht213340

Trust: 1.7

url: https://support.apple.com/en-us/ht213342

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2022-32844

Trust: 0.8

url: https://vigilance.fr/vulnerability/apple-ios-multiple-vulnerabilities-38878

Trust: 0.6

url: https://www.auscert.org.au/bulletins/esb-2022.3563

Trust: 0.6

url: https://www.cybersecurity-help.cz/vdb/sb2022072107

Trust: 0.6

url: https://cxsecurity.com/cveshow/cve-2022-32844/

Trust: 0.6

url: https://support.apple.com/kb/ht213346

Trust: 0.1

sources: VULHUB: VHN-424933 // VULMON: CVE-2022-32844 // JVNDB: JVNDB-2022-020129 // CNNVD: CNNVD-202207-2081 // NVD: CVE-2022-32844

SOURCES

db: VULHUB, id: VHN-424933
db: VULMON, id: CVE-2022-32844
db: JVNDB, id: JVNDB-2022-020129
db: CNNVD, id: CNNVD-202207-2081
db: NVD, id: CVE-2022-32844

LAST UPDATE DATE

2024-08-14T12:46:30.023000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-424933, date: 2023-03-07T00:00:00
db: JVNDB, id: JVNDB-2022-020129, date: 2023-10-31T07:34:00
db: CNNVD, id: CNNVD-202207-2081, date: 2023-03-08T00:00:00
db: NVD, id: CVE-2022-32844, date: 2023-08-08T14:22:24.967

SOURCES RELEASE DATE

db: VULHUB, id: VHN-424933, date: 2023-02-27T00:00:00
db: JVNDB, id: JVNDB-2022-020129, date: 2023-10-31T00:00:00
db: CNNVD, id: CNNVD-202207-2081, date: 2022-07-20T00:00:00
db: NVD, id: CVE-2022-32844, date: 2023-02-27T20:15:11.860