7.8
CVSSv3

CVE-2016-1846

Published: 20/05/2016 Updated: 01/12/2016
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 935
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

The nvCommandQueue::GetHandleIndex method in the NVIDIA Graphics Drivers subsystem in Apple OS X prior to 10.11.5 allows malicious users to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference and memory corruption) via a crafted app.

Vulnerable Product Search on Vulmon Subscribe to Product

apple mac os x

Exploits

/* Source: bugschromiumorg/p/project-zero/issues/detail?id=784 The method nvCommandQueue::GetHandleIndex doesn't check whether this+0x5b8 is non-null before using it We can race a call to this method this with another thread calling IOServiceClose to get a NULL pointer there By mapping the NULL page in userspace this gives us trivial ...