Details of VAR-202207-1484

ID

VAR-202207-1484

CVE

CVE-2022-32844

TITLE

Race condition vulnerability in multiple Apple products

Trust: 0.8

sources: JVNDB: JVNDB-2022-020129

DESCRIPTION

A race condition was addressed with improved state handling. This issue is fixed in tvOS 15.6, watchOS 8.7, iOS 15.6 and iPadOS 15.6. An app with arbitrary kernel read and write capability may be able to bypass Pointer Authentication. iPadOS , iOS , tvOS Race condition vulnerabilities exist in multiple Apple products.Information may be obtained and information may be tampered with. iOS 15.6 and iPadOS 15.6

Trust: 1.8

sources: NVD: CVE-2022-32844 // JVNDB: JVNDB-2022-020129 // VULHUB: VHN-424933 // VULMON: CVE-2022-32844

AFFECTED PRODUCTS

vendor:	apple	model:	watchos	scope:	lt	version:	8.7	Trust: 1.0
vendor:	apple	model:	ipados	scope:	lt	version:	15.6	Trust: 1.0
vendor:	apple	model:	tvos	scope:	lt	version:	15.6	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lt	version:	15.6	Trust: 1.0
vendor:	アップル	model:	ipados	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	watchos	scope:	eq	version:	8.7	Trust: 0.8
vendor:	アップル	model:	ios	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	tvos	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-020129 // NVD: CVE-2022-32844

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-32844
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-32844
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202207-2081
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2022-32844
baseSeverity:	MEDIUM
baseScore:	6.3
vectorString:	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	1.0
impactScore:	5.2
version:	3.1
Trust: 1.0
NVD:	CVE-2022-32844
baseSeverity:	MEDIUM
baseScore:	6.3
vectorString:	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-020129 // CNNVD: CNNVD-202207-2081 // NVD: CVE-2022-32844

PROBLEMTYPE DATA

problemtype:	CWE-362	Trust: 1.0
problemtype:	Race condition (CWE-362) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-020129 // NVD: CVE-2022-32844

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202207-2081

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202207-2081

PATCH

title:	HT213342 Apple Security update	url:	https://support.apple.com/en-us/HT213340	Trust: 0.8
title:	Apple iOS and iPadOS Remediation measures for authorization problem vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=200838	Trust: 0.6
title:	Apple: iOS 15.6 and iPadOS 15.6	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=25de7f37f4830a629a57f79175aeaa2a	Trust: 0.1

sources: VULMON: CVE-2022-32844 // JVNDB: JVNDB-2022-020129 // CNNVD: CNNVD-202207-2081

EXTERNAL IDS

db:	NVD	id:	CVE-2022-32844	Trust: 3.4
db:	JVNDB	id:	JVNDB-2022-020129	Trust: 0.8
db:	AUSCERT	id:	ESB-2022.3563	Trust: 0.6
db:	CS-HELP	id:	SB2022072107	Trust: 0.6
db:	CNNVD	id:	CNNVD-202207-2081	Trust: 0.6
db:	VULHUB	id:	VHN-424933	Trust: 0.1
db:	VULMON	id:	CVE-2022-32844	Trust: 0.1

sources: VULHUB: VHN-424933 // VULMON: CVE-2022-32844 // JVNDB: JVNDB-2022-020129 // CNNVD: CNNVD-202207-2081 // NVD: CVE-2022-32844

REFERENCES

url:	https://support.apple.com/en-us/ht213346	Trust: 2.3
url:	https://support.apple.com/en-us/ht213340	Trust: 1.7
url:	https://support.apple.com/en-us/ht213342	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2022-32844	Trust: 0.8
url:	https://vigilance.fr/vulnerability/apple-ios-multiple-vulnerabilities-38878	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.3563	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022072107	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-32844/	Trust: 0.6
url:	https://support.apple.com/kb/ht213346	Trust: 0.1

sources: VULHUB: VHN-424933 // VULMON: CVE-2022-32844 // JVNDB: JVNDB-2022-020129 // CNNVD: CNNVD-202207-2081 // NVD: CVE-2022-32844

SOURCES

db:	VULHUB	id:	VHN-424933
db:	VULMON	id:	CVE-2022-32844
db:	JVNDB	id:	JVNDB-2022-020129
db:	CNNVD	id:	CNNVD-202207-2081
db:	NVD	id:	CVE-2022-32844

LAST UPDATE DATE

2024-08-14T12:46:30.023000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-424933	date:	2023-03-07T00:00:00
db:	JVNDB	id:	JVNDB-2022-020129	date:	2023-10-31T07:34:00
db:	CNNVD	id:	CNNVD-202207-2081	date:	2023-03-08T00:00:00
db:	NVD	id:	CVE-2022-32844	date:	2023-08-08T14:22:24.967

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-424933	date:	2023-02-27T00:00:00
db:	JVNDB	id:	JVNDB-2022-020129	date:	2023-10-31T00:00:00
db:	CNNVD	id:	CNNVD-202207-2081	date:	2022-07-20T00:00:00
db:	NVD	id:	CVE-2022-32844	date:	2023-02-27T20:15:11.860