CVE-2021-30883 - OpenCVE

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15.0.2 and iPadOS 15.0.2, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1, macOS Big Sur 11.6.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Apple	Iphone Os Watchos Tvos Ipad Os Ipados Macos

Configuration 1 [-]

OR	cpe:2.3:o:apple:ipad_os::::::::
	cpe:2.3:o:apple:ipados:15.0:::::::*
	cpe:2.3:o:apple:ipados:15.0.1:::::::*
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:iphone_os:15.0:::::::*
	cpe:2.3:o:apple:iphone_os:15.0.1:::::::*
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:macos:12.0:::::::*
	cpe:2.3:o:apple:tvos::::::::
	cpe:2.3:o:apple:watchos::::::::

References

Link	Resource
https://support.apple.com/en-us/HT212846
https://support.apple.com/en-us/HT212868
https://support.apple.com/en-us/HT212869
https://support.apple.com/en-us/HT212872
https://support.apple.com/en-us/HT212874
https://support.apple.com/en-us/HT212876

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: apple

Published: 2021-08-24T18:49:47

Updated: 2021-10-28T18:29:41

Reserved: 2021-04-13T00:00:00

Link: CVE-2021-30883

JSON object: View

NVD Information

Status : Modified

Published: 2021-08-24T19:15:16.403

Modified: 2023-11-07T03:33:41.033

Link: CVE-2021-30883

JSON object: View

Redhat Information

No data.

CWE

CWE-787

{"containers": {"cna": {"affected": [{"product": "iOS and iPadOS", "vendor": "Apple", "versions": [{"lessThan": "15.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "iOS and iPadOS", "vendor": "Apple", "versions": [{"lessThan": "14.8", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "macOS", "vendor": "Apple", "versions": [{"lessThan": "12.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "macOS", "vendor": "Apple", "versions": [{"lessThan": "11.6", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "macOS", "vendor": "Apple", "versions": [{"lessThan": "8.1", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "macOS", "vendor": "Apple", "versions": [{"lessThan": "15.1", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15.0.2 and iPadOS 15.0.2, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1, macOS Big Sur 11.6.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.."}], "problemTypes": [{"descriptions": [{"description": "An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-10-28T18:29:41", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT212869"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT212872"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT212846"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT212868"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT212874"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT212876"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "product-security@apple.com", "ID": "CVE-2021-30883", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "iOS and iPadOS", "version": {"version_data": [{"version_affected": "<", "version_value": "15.0"}]}}, {"product_name": "iOS and iPadOS", "version": {"version_data": [{"version_affected": "<", "version_value": "14.8"}]}}, {"product_name": "macOS", "version": {"version_data": [{"version_affected": "<", "version_value": "12.0"}]}}, {"product_name": "macOS", "version": {"version_data": [{"version_affected": "<", "version_value": "11.6"}]}}, {"product_name": "macOS", "version": {"version_data": [{"version_affected": "<", "version_value": "8.1"}]}}, {"product_name": "macOS", "version": {"version_data": [{"version_affected": "<", "version_value": "15.1"}]}}]}, "vendor_name": "Apple"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15.0.2 and iPadOS 15.0.2, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1, macOS Big Sur 11.6.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited."}]}]}, "references": {"reference_data": [{"name": "https://support.apple.com/en-us/HT212869", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT212869"}, {"name": "https://support.apple.com/en-us/HT212872", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT212872"}, {"name": "https://support.apple.com/en-us/HT212846", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT212846"}, {"name": "https://support.apple.com/en-us/HT212868", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT212868"}, {"name": "https://support.apple.com/en-us/HT212874", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT212874"}, {"name": "https://support.apple.com/en-us/HT212876", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT212876"}]}}}}, "cveMetadata": {"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2021-30883", "datePublished": "2021-08-24T18:49:47", "dateReserved": "2021-04-13T00:00:00", "dateUpdated": "2021-10-28T18:29:41", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"cisaActionDue": "2022-06-13", "cisaExploitAdd": "2022-05-23", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Apple Multiple Products Memory Corruption Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "A9DB9916-6DA1-4A32-86A2-AD8DC5246709", "versionEndExcluding": "14.8.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:ipados:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "6361C54F-4F5D-4624-8A1F-69DBC6AD4A69", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:ipados:15.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "45E581A3-DFD3-4999-8B55-006C2D633C6C", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "54888682-EF77-4F2A-B07F-AA86B0C65717", "versionEndExcluding": "14.8.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "A332DEC8-FB74-404E-BE6A-46DB0DEDAA59", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:15.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "71D5AE70-0104-442F-927A-8378C22D1941", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "3ADD7C81-7CB2-4505-ACA0-9EC193E347D1", "versionEndExcluding": "11.6.1", "versionStartIncluding": "11.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "1974DC5F-8F37-4582-B597-E58C94189193", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "matchCriteriaId": "9A76BB8B-613D-46B7-80F8-83B6EF76F344", "versionEndExcluding": "15.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "matchCriteriaId": "A82F66E5-A6BF-4D7A-8DCA-DD4C35723936", "versionEndExcluding": "8.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15.0.2 and iPadOS 15.0.2, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1, macOS Big Sur 11.6.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.."}, {"lang": "es", "value": "Se abord\u00f3 un problema de corrupci\u00f3n de memoria con un manejo de memoria mejorada. Este problema se corrigi\u00f3 en iOS versi\u00f3n 15.0.2 y iPadOS versi\u00f3n 15.0.2, macOS Monterey versi\u00f3n 12.0.1, iOS versi\u00f3n 14.8.1 y iPadOS versi\u00f3n 14.8.1, tvOS versi\u00f3n 15.1, watchOS versi\u00f3n 8.1, macOS Big Sur versi\u00f3n 11.6.1. Una aplicaci\u00f3n puede ser capaz de ejecutar c\u00f3digo arbitrario con privilegios del kernel. Apple es consciente de un informe de que este problema puede haber sido explotado activamente"}], "id": "CVE-2021-30883", "lastModified": "2023-11-07T03:33:41.033", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-08-24T19:15:16.403", "references": [{"source": "product-security@apple.com", "url": "https://support.apple.com/en-us/HT212846"}, {"source": "product-security@apple.com", "url": "https://support.apple.com/en-us/HT212868"}, {"source": "product-security@apple.com", "url": "https://support.apple.com/en-us/HT212869"}, {"source": "product-security@apple.com", "url": "https://support.apple.com/en-us/HT212872"}, {"source": "product-security@apple.com", "url": "https://support.apple.com/en-us/HT212874"}, {"source": "product-security@apple.com", "url": "https://support.apple.com/en-us/HT212876"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}