CVE-2020-29622Race Condition in Apple Security Update Catalina

CWE-362Race Condition4 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.4%
top 41.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apple Security Update CatalinaApple MAC OS X
Timeline
PublishedOct 19
Latest updateMay 24

Description

A race condition was addressed with additional validation. This issue is fixed in Security Update 2021-005 Catalina. Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages2 packages

CVEListV5apple/security_update_catalinaunspecified2021
NVDapple/mac_os_x10.1510.15.6+1

🔴Vulnerability Details

2
GHSA
GHSA-xx59-pwx8-cv7q: A race condition was addressed with additional validation2022-05-24
CVEList
CVE-2020-29622: A race condition was addressed with additional validation2021-10-19

📋Vendor Advisories

1
Apple
CVE-2020-29622: Security Update 2021-005 Catalina2021-09-13
CVE-2020-29622 — Race Condition in Apple | cvebase