CVE-2020-27904 - A logic issue existed resulting in memory corruption. This was addressed with improved state managem

CVE-2020-27904

Summary

A logic issue existed resulting in memory corruption. This was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1. An application may be able to execute arbitrary code with kernel privileges.

References

http://seclists.org/fulldisclosure/2020/Dec/32
http://seclists.org/fulldisclosure/2021/Feb/14
https://support.apple.com/en-us/HT211931
https://support.apple.com/kb/HT212147

Vulnerable Configurations

cpe:2.3:o:apple:macos:11.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:11.0:*:*:*:*:*:*:*

CVSS

Base:	9.3 (as of 10-02-2021 - 15:49)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:C/I:C/A:C

refmap via4

fulldisc	20201215 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1
misc	https://support.apple.com/en-us/HT211931

Last major update

10-02-2021 - 15:49

Published

08-12-2020 - 21:15

Last modified

10-02-2021 - 15:49