CVE-2022-22674
MEDIUM severity · CVSS 5.5 · Out-of-bounds read · actively exploited (CISA KEV)
5.5CVSS MEDIUM exploited
Actively exploited in the wild (CISA Known Exploited Vulnerabilities).
Added to KEV 2022-04-04. US federal agencies must patch by 2022-04-25.
Summary
An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Monterey 12.3.1, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6. A local user may be able to read kernel memory.
Impact & exploitability
Attack vectorLocal
Attack complexityLow
Privileges requiredLow
User interactionNone
Confidentiality impactHigh
Integrity impactNone
Availability impactNone
Exploit probability (EPSS)1%
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected products we track (1)
Recommendation
This vulnerability is being actively exploited in the wild — patch affected products urgently. Open any affected product above for its exact safe version.