CVE-2017-7154 : An issue was discovered in certain Apple products. iOS before 11.2 is affected.

An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. The issue involves the "Kernel" component. It allows local users to bypass intended memory-read restrictions or cause a denial of service (system crash).

Published 2017-12-27 17:08:24

Updated 2019-03-22 19:37:45

Source Apple Inc.

View at NVD, CVE.org

Vulnerability category: Input validationDenial of service

Products affected by CVE-2017-7154

Apple » Mac Os X
Versions before (<) 10.13.2
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Matching versions
Apple » Iphone Os
Versions before (<) 11.2
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Matching versions
Apple » Tvos
Versions before (<) 11.2
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2017-7154

EPSS FAQ

0.09%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 24 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2017-7154

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.6	MEDIUM	AV:L/AC:L/Au:N/C:P/I:N/A:C	3.9	7.8	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: Complete
6.6	MEDIUM	CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H	1.3	5.2	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: None Availability: High

CWE ids for CVE-2017-7154

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2017-7154

https://support.apple.com/HT208327

About the security content of tvOS 11.2 - Apple Support
Vendor Advisory

CVEs referencing this url
https://support.apple.com/HT208334

About the security content of iOS 11.2 - Apple Support
Vendor Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/103134

Apple iOS/tvOS/macOS CVE-2017-7154 Local Security Bypass Vulnerability
Third Party Advisory;VDB Entry
https://support.apple.com/HT208331

About the security content of macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan - Apple Support
Vendor Advisory

CVEs referencing this url
https://www.exploit-db.com/exploits/43521/

macOS - 'process_policy' Stack Leak Through Uninitialized Field
Exploit;Third Party Advisory;VDB Entry

Jump to

Vulnerability Details : CVE-2017-7154

Products affected by CVE-2017-7154

Exploit prediction scoring system (EPSS) score for CVE-2017-7154

CVSS scores for CVE-2017-7154

CWE ids for CVE-2017-7154

References for CVE-2017-7154