⚠ Actively exploited
Added to CISA KEV on 2022-04-04. Federal agencies required to patch by 2022-04-25. Required action: Apply updates per vendor instructions..

CVE-2022-22674Out-of-bounds Read in Apple Macos

CWE-125Out-of-bounds ReadCWE-20Improper Input Validation8 documents6 sources
Severity
5.5MEDIUMNVD
EPSS
0.2%
top 55.64%
CISA KEV
KEV
Added 2022-04-04
Due 2022-04-25
Exploit
Exploited in wild
Active exploitation observed
Affected products
2
Apple MacosApple MAC OS X
Timeline
KEV addedApr 4
KEV dueApr 25
PublishedMay 26
Latest updateMay 27
CISA Required Action: Apply updates per vendor instructions.

Description

An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Monterey 12.3.1, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6. A local user may be able to read kernel memory.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

CVEListV5apple/macosunspecified12.3+2
NVDapple/macos11.011.6.6+1
NVDapple/mac_os_x10.1510.15.7+1

🔴Vulnerability Details

3
GHSA
GHSA-mj8g-26g5-c9fp: An out-of-bounds read issue existed that led to the disclosure of kernel memory2022-05-27
CVEList
CVE-2022-22674: An out-of-bounds read issue existed that led to the disclosure of kernel memory2022-05-26
VulnCheck
Apple macOS Out-of-Bounds Read Vulnerability2022

📋Vendor Advisories

4
Apple
CVE-2022-22674: Security Update 2022-004 Catalina2022-05-16
Apple
CVE-2022-22674: macOS Big Sur 11.6.62022-05-16
CISA
Apple macOS Out-of-Bounds Read Vulnerability2022-04-04
Apple
CVE-2022-22674: macOS Monterey 12.3.12022-03-31
CVE-2022-22674 — Out-of-bounds Read in Apple Macos | cvebase