CVE-2022-22674
published 2022-05-26CVE-2022-22674: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in…
medium5.5CVSS 3.1
AVLACLPRLUINSUCHINAN
KEVITW
CISA Known Exploited Vulnerabilitydue 2022-04-25
Exploited in the wild
An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Monterey 12.3.1, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6. A local user may be able to read kernel memory.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | mac_os_x | — | — |
| apple | mac_os_x | >= 10.15 < 10.15.7 | 10.15.7 |
| apple | macos | >= 11.0 < 11.6.6 | 11.6.6 |
| apple | macos | >= 12.0.0 < 12.3.1 | 12.3.1 |
| apple | macos | >= unspecified < 12.3 | 12.3 |
| apple | macos | >= unspecified < 2022 | 2022 |
| apple | macos | >= unspecified < 11.6 | 11.6 |
| apple | macos_big_sur | — | — |
| apple | macos_monterey | — | — |
| apple | security_update_2022-004_catalina | — | — |
CVSS provenance
nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
vulncheck5.5MEDIUM
cisa5.5MEDIUM