CVE-2023-27965

2023-05-0820:15:18

CWE-787

apple

web.nvd.nist.gov

cve-2023-27965

memory corruption

macos ventura 13.3

studio display firmware update 16.4

state management

arbitrary code execution

kernel privileges

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.2

Confidence

High

EPSS

0.001

Percentile

28.4%

JSON

A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Studio Display Firmware Update 16.4. An app may be able to execute arbitrary code with kernel privileges.

Affected configurations

Nvd

Vulners

Node

applemacosRange13.0–13.3

Node

applestudio_display_firmwareRange<16.4

AND

applestudio_displayMatch-

VendorProductVersionCPE
applemacos*cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
applestudio_display_firmware*cpe:2.3:o:apple:studio_display_firmware:*:*:*:*:*:*:*:*
applestudio_display-cpe:2.3:h:apple:studio_display:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	macos	*	cpe:2.3:o:apple:macos::::::::
apple	studio_display_firmware	*	cpe:2.3:o:apple:studio_display_firmware::::::::
apple	studio_display	-	cpe:2.3:h:apple:studio_display:-:::::::*

CNA Affected

[
  {
    "vendor": "Apple",
    "product": "macOS",
    "versions": [
      {
        "version": "unspecified",
        "status": "affected",
        "lessThan": "13.3",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Apple",
    "product": "Studio Display Firmware Update",
    "versions": [
      {
        "version": "unspecified",
        "status": "affected",
        "lessThan": "16.4",
        "versionType": "custom"
      }
    ]
  }
]