admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 18:52:12 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2023/CVE-2023-23514.md

21 lines
1.1 KiB
Markdown
Raw Normal View History

Update Sat May 25 21:48:12 CEST 2024
2024-05-25 21:48:12 +02:00
### [CVE-2023-23514](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23514)
![](https://img.shields.io/static/v1?label=Product&message=iOS%20and%20iPadOS&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=macOS&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%2013.3%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%2016.3%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=An%20app%20may%20be%20able%20to%20execute%20arbitrary%20code%20with%20kernel%20privileges.&color=brighgreen)
### Description
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, iOS 16.3.1 and iPadOS 16.3.1, macOS Ventura 13.2.1, macOS Big Sur 11.7.5. An app may be able to execute arbitrary code with kernel privileges.
### POC
#### Reference
- http://packetstormsecurity.com/files/171359/XNU-NFSSVC-Root-Check-Bypass-Use-After-Free.html
- http://seclists.org/fulldisclosure/2023/Mar/21
#### Github
- https://github.com/ARPSyndicate/cvemon
Reference in New Issue Copy Permalink