CVE-2020-9909 — Out-of-bounds Read in Apple Tvos

CWE-125 — Out-of-bounds Read6 documents4 sources

Severity

5.9MEDIUMNVD

EPSS

0.8%

top 26.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple IOS Apple Tvos Apple Watchos +2 more

Timeline

PublishedOct 16

Latest updateMay 24

Description

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages7 packages

▶CVEListV5apple/tvosunspecified — tvOS 13.4.8

▶NVDapple/tvos< 13.4.8

▶NVDapple/ipados< 13.6

▶CVEListV5apple/watchosunspecified — watchOS 6.2.8

▶NVDapple/watchos< 6.2.8

🔴Vulnerability Details

GHSA

GHSA-c4wh-283h-v2vf: An out-of-bounds read was addressed with improved bounds checking↗2022-05-24

▶

CVEList

CVE-2020-9909: An out-of-bounds read was addressed with improved bounds checking↗2020-10-16

▶

📋Vendor Advisories

Apple

CVE-2020-9909: watchOS 6.2.8↗2020-07-15

▶

Apple

CVE-2020-9909: tvOS 13.4.8↗2020-07-15

▶

Apple

CVE-2020-9909: iOS 13.6 and iPadOS 13.6↗2020-07-15

▶