← back
CVE-2022-22674

CVE-2022-22674

CVSS 5.5 MEDIUMEPSS 1.1%● KEVCWE-125
Vexday Risk Score
43Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS 5.5EPSS 1.1%KEV simPoC Nuclei Metasploit Patch
Lifecycle
04 Apr 2022Active exploitation (CISA KEV)
26 May 2022Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
In short

A flaw allowed local users to read memory data that should be protected by the kernel, potentially exposing sensitive system information. This was fixed by improving how the system validates input data.

Technical detail

An out-of-bounds read vulnerability in kernel memory handling allowed local attackers to disclose kernel memory contents through improper input validation. The vulnerability requires local access and was remediated through enhanced input validation mechanisms across affected macOS versions.

Summary generated and translated by AI from the official description.
An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Monterey 12.3.1, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6. A local user may be able to read kernel memory.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected products
Apple · macOS

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://support.apple.com/en-us/HT213220https://support.apple.com/en-us/HT213255https://support.apple.com/en-us/HT213256https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22674