Sign-up

ID

VAR-202210-1628


CVE

CVE-2022-42832


TITLE

Race condition vulnerability in multiple Apple products

Trust: 0.8

sources: JVNDB: JVNDB-2022-022838

DESCRIPTION

A race condition was addressed with improved locking. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app with root privileges may be able to execute arbitrary code with kernel privileges. apple's iPadOS , iOS , macOS There is a race condition vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2022-42832 // JVNDB: JVNDB-2022-022838 // VULHUB: VHN-439618

AFFECTED PRODUCTS

vendor:applemodel:ipadosscope:ltversion:16.0

Trust: 1.0

vendor:applemodel:macosscope:ltversion:13.0

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:16.1

Trust: 1.0

vendor:アップルmodel:ipadosscope: - version: -

Trust: 0.8

vendor:アップルmodel:iosscope: - version: -

Trust: 0.8

vendor:アップルmodel:macosscope:eqversion:13.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-022838 // NVD: CVE-2022-42832

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-42832
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-42832
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202210-1655
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2022-42832
baseSeverity: MEDIUM
baseScore: 6.4
vectorString: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.5
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2022-42832
baseSeverity: MEDIUM
baseScore: 6.4
vectorString: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-022838 // CNNVD: CNNVD-202210-1655 // NVD: CVE-2022-42832

PROBLEMTYPE DATA

problemtype:CWE-362

Trust: 1.1

problemtype:Race condition (CWE-362) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-439618 // JVNDB: JVNDB-2022-022838 // NVD: CVE-2022-42832

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202210-1655

TYPE

competition condition problem

Trust: 0.6

sources: CNNVD: CNNVD-202210-1655

PATCH

title:HT213488 Apple  Security updateurl:https://support.apple.com/en-us/HT213488

Trust: 0.8

title:Apple iOS and iPadOS Repair measures for the competition condition problem loopholeurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=213120

Trust: 0.6

sources: JVNDB: JVNDB-2022-022838 // CNNVD: CNNVD-202210-1655

EXTERNAL IDS

db:NVDid:CVE-2022-42832

Trust: 3.3

db:JVNDBid:JVNDB-2022-022838

Trust: 0.8

db:AUSCERTid:ESB-2022.5303

Trust: 0.6

db:CNNVDid:CNNVD-202210-1655

Trust: 0.6

db:VULHUBid:VHN-439618

Trust: 0.1

sources: VULHUB: VHN-439618 // JVNDB: JVNDB-2022-022838 // CNNVD: CNNVD-202210-1655 // NVD: CVE-2022-42832

REFERENCES

url:https://support.apple.com/en-us/ht213489

Trust: 2.3

url:https://support.apple.com/en-us/ht213488

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2022-42832

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-42832/

Trust: 0.6

url:https://vigilance.fr/vulnerability/apple-ios-multiple-vulnerabilities-39701

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.5303

Trust: 0.6

sources: VULHUB: VHN-439618 // JVNDB: JVNDB-2022-022838 // CNNVD: CNNVD-202210-1655 // NVD: CVE-2022-42832

SOURCES

db:VULHUBid:VHN-439618
db:JVNDBid:JVNDB-2022-022838
db:CNNVDid:CNNVD-202210-1655
db:NVDid:CVE-2022-42832

LAST UPDATE DATE

2024-08-14T13:03:20.403000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-439618date:2023-01-09T00:00:00
db:JVNDBid:JVNDB-2022-022838date:2023-11-21T01:52:00
db:CNNVDid:CNNVD-202210-1655date:2022-11-07T00:00:00
db:NVDid:CVE-2022-42832date:2023-01-09T16:41:59.350

SOURCES RELEASE DATE

db:VULHUBid:VHN-439618date:2022-11-01T00:00:00
db:JVNDBid:JVNDB-2022-022838date:2023-11-21T00:00:00
db:CNNVDid:CNNVD-202210-1655date:2022-10-24T00:00:00
db:NVDid:CVE-2022-42832date:2022-11-01T20:15:24.817