Vulnerability Details : CVE-2021-1834
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. A malicious application may be able to execute arbitrary code with kernel privileges.
Vulnerability category: Memory CorruptionExecute code
Products affected by CVE-2021-1834
- cpe:2.3:o:apple:mac_os_x:10.14.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.5:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:-:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-006:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-007:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-003:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-004:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-005:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-006:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-007:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-004:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-005:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-005:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-007:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2021-001:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2021-002:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.15.6:-:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.15.6:supplemental_update:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.3:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.4:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.15:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.15.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.15.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.15.3:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.15.4:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.15.5:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.15.6:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.15.7:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.4:beta4:*:*:*:*:*:*
- cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-1834
0.56%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 78 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-1834
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST | |
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2021-1834
-
The product writes data past the end, or before the beginning, of the intended buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-1834
-
https://support.apple.com/en-us/HT212327
About the security content of Security Update 2021-003 Mojave - Apple SupportVendor Advisory
-
https://support.apple.com/en-us/HT212326
About the security content of Security Update 2021-002 Catalina - Apple SupportVendor Advisory
-
https://support.apple.com/en-us/HT212325
About the security content of macOS Big Sur 11.3 - Apple SupportVendor Advisory
Jump to