Published: 18/12/2019 Updated: 30/12/2019

CVSS v2 Base Score: 7.1 | Impact Score: 6.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 632

Vector: AV:N/AC:M/Au:N/C:C/I:N/A:N

A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to determine kernel memory layout.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apple iphone os
apple mac os x
apple tvos
apple watchos

Full Disclosure mailing list archives   By Date By Thread </form>    APPLE-SA-2019-3-25-1 iOS 122   From: Apple Product Security via ...

Kernel Stack info leak at exportObjectToClient function

CVE-2019-8540 Kernel Stack info leak at exportObjectToClient function bug details: macOS<=10143 && iOS < 122 There is a bug at Function exportObjectToClient in IOKit class, which can lead to leak 4 bytes of kernel stack info exportObjectToClient just like its name which make an arbitrary OSObject available to the client taskIt’s a ba

CWE-665 https://support.apple.com/HT209601 https://support.apple.com/HT209600 https://support.apple.com/HT209599 https://support.apple.com/HT209602 https://nvd.nist.gov https://github.com/maldiohead/CVE-2019-8540 http://seclists.org/fulldisclosure/2019/Mar/58

CVE-2019-8540

Vulnerability Summary

Vulnerability Trend

Mailing Lists

Github Repositories

References

Vulmon Search

About

Products

Connect