Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.6
CVSSv2

CVE-2018-4230

Published: 08/06/2018 Updated: 13/07/2018
CVSS v2 Base Score: 7.6 | Impact Score: 10 | Exploitability Score: 4.9
CVSS v3 Base Score: 7 | Impact Score: 5.9 | Exploitability Score: 1
VMScore: 765
Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
Subscribe to Mac Os X

Vulnerability Summary

An issue exists in certain Apple products. macOS prior to 10.13.5 is affected. The issue involves the "NVIDIA Graphics Drivers" component. It allows malicious users to execute arbitrary code in a privileged context via a crafted app that triggers a SetAppSupportBits use-after-free because of a race condition.

Vulnerable Product Search on Vulmon Subscribe to Product

apple mac os x

Exploits

Exploit DB: Apple macOS Kernel - Use-After-Free Due to Lack of Locking in nvidia GeForce Driver
/* nvDevice::SetAppSupportBits is external method 0x107 of the nvAccelerator IOService It calls task_deallocate without locking Two threads can race calling this external method to drop two task references when only one is held Note that the repro forks a child which give the nvAccelerator a different task otherwise the repro is more likely to ...

Mailing Lists

Full Disclosure: APPLE-SA-2018-7-23-2 Additional information for APPLE-SA-2018-06-01-1 macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, Security Update 2018-003 El Capitan
<!--X-Body-Begin--> <!--X-User-Header--> Full Disclosure mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> APPLE-SA-2018-7-23-2 Additional information for APPLE-SA-2018-06-01-1 macOS High Sierra 10135, Security Update 2018-0 ...

References

CWE-362https://support.apple.com/HT208849https://bugs.chromium.org/p/project-zero/issues/detail?id=1549https://www.exploit-db.com/exploits/44847/http://www.securitytracker.com/id/1041027https://nvd.nist.govhttps://www.exploit-db.com/exploits/44847/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-2907hardcodedinjectCVE-2024-20359CVE-2024-2467CVE-2024-4077CVE-2024-22391cameraCVE-2024-20353
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook