ID

VAR-202210-1630


CVE

CVE-2022-42831


TITLE

Race condition vulnerability in multiple Apple products

Trust: 0.8

sources: JVNDB: JVNDB-2022-022840

DESCRIPTION

A race condition was addressed with improved locking. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app with root privileges may be able to execute arbitrary code with kernel privileges. Apple's iPadOS, iOS, and macOS contain a race condition vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).

Trust: 1.71

sources: NVD: CVE-2022-42831 // JVNDB: JVNDB-2022-022840 // VULHUB: VHN-439616

AFFECTED PRODUCTS

vendor: apple // model: ipados // scope: lt // version: 16.0

Trust: 1.0

vendor: apple // model: macos // scope: lt // version: 13.0

Trust: 1.0

vendor: apple // model: iphone os // scope: lt // version: 16.1

Trust: 1.0

vendor: Apple // model: ipados // scope: - // version: -

Trust: 0.8

vendor: Apple // model: ios // scope: - // version: -

Trust: 0.8

vendor: Apple // model: macos // scope: eq // version: 13.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-022840 // NVD: CVE-2022-42831

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-42831
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-42831
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202210-1653
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2022-42831
baseSeverity: MEDIUM
baseScore: 6.4
vectorString: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.5
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2022-42831
baseSeverity: MEDIUM
baseScore: 6.4
vectorString: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-022840 // CNNVD: CNNVD-202210-1653 // NVD: CVE-2022-42831

PROBLEMTYPE DATA

problemtype:CWE-362

Trust: 1.1

problemtype:Race condition (CWE-362) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-439616 // JVNDB: JVNDB-2022-022840 // NVD: CVE-2022-42831

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202210-1653

TYPE

race condition

Trust: 0.6

sources: CNNVD: CNNVD-202210-1653

PATCH

title: HT213488 Apple Security update // url: https://support.apple.com/en-us/HT213488

Trust: 0.8

title: Apple iOS and iPadOS remediation for the race condition vulnerability // url: http://123.124.177.30/web/xxk/bdxqById.tag?id=213119

Trust: 0.6

sources: JVNDB: JVNDB-2022-022840 // CNNVD: CNNVD-202210-1653

EXTERNAL IDS

db: NVD // id: CVE-2022-42831

Trust: 3.3

db: JVNDB // id: JVNDB-2022-022840

Trust: 0.8

db: AUSCERT // id: ESB-2022.5303

Trust: 0.6

db: CNNVD // id: CNNVD-202210-1653

Trust: 0.6

db: VULHUB // id: VHN-439616

Trust: 0.1

sources: VULHUB: VHN-439616 // JVNDB: JVNDB-2022-022840 // CNNVD: CNNVD-202210-1653 // NVD: CVE-2022-42831

REFERENCES

url:https://support.apple.com/en-us/ht213489

Trust: 2.3

url:https://support.apple.com/en-us/ht213488

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2022-42831

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-42831/

Trust: 0.6

url:https://vigilance.fr/vulnerability/apple-ios-multiple-vulnerabilities-39701

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.5303

Trust: 0.6

sources: VULHUB: VHN-439616 // JVNDB: JVNDB-2022-022840 // CNNVD: CNNVD-202210-1653 // NVD: CVE-2022-42831

SOURCES

db: VULHUB // id: VHN-439616
db: JVNDB // id: JVNDB-2022-022840
db: CNNVD // id: CNNVD-202210-1653
db: NVD // id: CVE-2022-42831

LAST UPDATE DATE

2024-08-14T12:08:11.365000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-439616 // date: 2023-01-09T00:00:00
db: JVNDB // id: JVNDB-2022-022840 // date: 2023-11-21T01:54:00
db: CNNVD // id: CNNVD-202210-1653 // date: 2022-11-07T00:00:00
db: NVD // id: CVE-2022-42831 // date: 2023-01-09T16:41:59.350

SOURCES RELEASE DATE

db: VULHUB // id: VHN-439616 // date: 2022-11-01T00:00:00
db: JVNDB // id: JVNDB-2022-022840 // date: 2023-11-21T00:00:00
db: CNNVD // id: CNNVD-202210-1653 // date: 2022-10-24T00:00:00
db: NVD // id: CVE-2022-42831 // date: 2022-11-01T20:15:24.710