CVE-2019-6205: A memory corruption issue was addressed with improved lock state checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious…

CVE-2019-6205 [HIGH] CWE-787 GHSA-w2px-wm37-g99g: A memory corruption issue was addressed with improved lock state checking A memory corruption issue was addressed with improved lock state checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may cause unexpected changes in memory shared between processes.

CVE-2019-6205 [HIGH] CVE-2019-6205: iOS 12.1.3 Apple Security Update: About the security content of iOS 12.1.3 Product: iOS Version: 12.1.3 CVE: CVE-2019-6205 Component: Kernel Impact: A malicious application may cause unexpected changes in memory shared between processes Description: A memory corruption issue was addressed with improved lock state checking.

CVE-2019-6205 [HIGH] CVE-2019-6205: macOS Mojave 10.14.3, Security Update 2019-001 High Sierra, Security Update 2019-001 Sierra Apple Security Update: About the security content of macOS Mojave 10.14.3, Security Update 2019-001 High Sierra, Security Update 2019-001 Sierra Product: macOS Mojave 10.14.3, Security Update 2019-001 High Sierra, Security Update 2019-001 Sierra CVE: CVE-2019-6205 Component: Kernel Impact: A malicious application may cause unexpected changes in memory shared between processes Description: A memory corruption issue was addressed with improved lock state checking.

CVE-2019-6205 [HIGH] CVE-2019-6205: tvOS 12.1.2 Apple Security Update: About the security content of tvOS 12.1.2 Product: tvOS Version: 12.1.2 CVE: CVE-2019-6205 Component: Kernel Impact: A malicious application may cause unexpected changes in memory shared between processes Description: A memory corruption issue was addressed with improved lock state checking.

CVE-2019-6205 macOS < 10.14.3 / iOS < 12.1.3 XNU - 'vm_map_copy' Optimization which Requires Atomicity isn't Atomic macOS internal && src_object->copy_strategy == MEMORY_OBJECT_COPY_SYMMETRIC && !map_share))) { /* * If we are destroying the source, and the object * is internal, we can move the object reference * from the source to the copy. The copy is * copy-on-write only if the source is. * We make another reference to the object, because * destroying the source entry will deallocate it. vm_object_reference(src_object); /* * Copy is always unwired. vm_map_copy_entry * set its wired count to zero. goto CopySuccessful; This optimization will apply if the vm_map_entry represents anonymous memory and the semantics of the copy will cause that memory to be deallocated from the source map. In this case, as the comment describes, we can just "move" the entry to the target map. The issue is that this mo