CVE-2022-32926

Published on: Not Yet Published

Last Modified on: 01/09/2023 04:44:00 PM UTC

CVE-2022-32926

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Certain versions of Ipados from Apple contain the following vulnerability:

The issue was addressed with improved bounds checks. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16. An app with root privileges may be able to execute arbitrary code with kernel privileges.

CVE-2022-32926 has been assigned by [email protected] to track the vulnerability - currently rated as MEDIUM severity.
Affected Vendor/Software: Apple - macOS version < 13
Affected Vendor/Software: Apple - tvOS version < 16.1
Affected Vendor/Software: Apple - tvOS version < 16.1
Affected Vendor/Software: Apple - tvOS version < 15.7
Affected Vendor/Software: Apple - watchOS version < 9.1

CVSS3 Score: 6.7 - MEDIUM

Attack Vector ^ⓘ	Attack Complexity	Privileges Required	User Interaction
LOCAL	LOW	HIGH	NONE
Scope	Confidentiality Impact	Integrity Impact	Availability Impact
UNCHANGED	HIGH	HIGH	HIGH

CVE References

Description	Tags ^ⓘ	Link
About the security content of watchOS 9.1 - Apple Support	support.apple.com text/html	MISC support.apple.com/en-us/HT213491
About the security content of iOS 15.7.1 and iPadOS 15.7.1 - Apple Support	support.apple.com text/html	MISC support.apple.com/en-us/HT213490
About the security content of tvOS 16.1 - Apple Support	support.apple.com text/html	MISC support.apple.com/en-us/HT213492
About the security content of macOS Ventura 13 - Apple Support	support.apple.com text/html	MISC support.apple.com/en-us/HT213488
About the security content of iOS 16.1 and iPadOS 16 - Apple Support	support.apple.com text/html	MISC support.apple.com/en-us/HT213489

By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].

Related QID Numbers

610440 Apple iOS 15.7.1 and iPadOS 15.7.1 Security Update Missing
610441 Apple iOS 16.1 and iPadOS 16 Security Update Missing

Known Affected Configurations (CPE V2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Apple	Ipados	All	All	All	All
Operating System	Apple	Ipad Os	All	All	All	All
Operating System	Apple	Iphone Os	All	All	All	All
Operating System	Apple	Iphone Os	16.0	All	All	All
Operating System	Apple	Macos	All	All	All	All
Operating System	Apple	Tvos	All	All	All	All
Operating System	Apple	Watchos	All	All	All	All

cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*:
cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*:
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*:
cpe:2.3:o:apple:iphone_os:16.0:*:*:*:*:*:*:*:
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*:
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*:
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*:

No vendor comments have been submitted for this CVE

Social Mentions

Source	Title	Posted (UTC)
@TimGMichaud	CVE-2022-32926 is an off by one resulting in root -> kernel code exec: github.com/apple/darwin-x… - found with a (very… twitter.com/i/web/status/1…	2022-10-27 18:55:53
@ipssignatures	The vuln CVE-2022-32926 has a tweet created 0 days ago and retweeted 12 times. twitter.com/TimGMichaud/st… #pow1rtrtwwcve	2022-10-27 22:06:00
@CVEreport	CVE-2022-32926 : The issue was addressed with improved bounds checks. This issue is fixed in tvOS 16.1, iOS 15.7.1… twitter.com/i/web/status/1…	2022-11-01 20:20:07