Apple tvOS Kernel use after free


A vulnerability classified as critical has been found in Apple tvOS (Digital Media Player) (unknown version). This issue affects unknown code in the Kernel component. Upgrading eliminates this vulnerability. A possible mitigation was published immediately after the disclosure of the vulnerability.

| Field | 04/03/2021 11:20 AM | 04/08/2021 05:27 PM |
|---|---|---|
| vendor | Apple | Apple |
| name | tvOS | tvOS |
| component | Kernel | Kernel |
| cwe | 416 (memory corruption) | 416 (memory corruption) |
| cvss3_vuldb_av | L | L |
| cvss3_vuldb_ac | L | L |
| cvss3_vuldb_pr | L | L |
| cvss3_vuldb_ui | N | N |
| cvss3_vuldb_s | U | U |
| cvss3_vuldb_c | H | H |
| cvss3_vuldb_i | H | H |
| cvss3_vuldb_a | H | H |
| cvss3_vuldb_e | X | X |
| cvss3_vuldb_rl | O | O |
| cvss3_vuldb_rc | C | C |
| cvss2_vuldb_av | L | L |
| cvss2_vuldb_ac | L | L |
| cvss2_vuldb_au | S | S |
| cvss2_vuldb_ci | C | C |
| cvss2_vuldb_ii | C | C |
| cvss2_vuldb_ai | C | C |
| cvss2_vuldb_e | ND | ND |
| cvss2_vuldb_rl | OF | OF |
| cvss2_vuldb_rc | C | C |
| date | 1607900400 (12/14/2020) | 1607900400 (12/14/2020) |
| location | Website | Website |
| type | Advisory | Advisory |
| person_name | Tielei Wang | Tielei Wang |
| disputed | 0 | 0 |
| name | Upgrade | Upgrade |
| date | 1607900400 (12/14/2020) | 1607900400 (12/14/2020) |
| cve | CVE-2020-9975 | CVE-2020-9975 |
| cve_assigned | 1583103600 | 1583103600 |

| Field | Value |
|---|---|
| cve_nvd_summary | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. An application may be able to execute arbitrary code with kernel privileges. |
| type | Digital Media Player |
| cvss2_vuldb_basescore | 6.8 |
| cvss2_vuldb_tempscore | 5.9 |
| cvss3_vuldb_basescore | 7.8 |
| cvss3_vuldb_tempscore | 7.5 |
| cvss3_meta_basescore | 7.8 |
| cvss3_meta_tempscore | 7.5 |
| price_0day | $5k-$25k |
