Vulnerability-Lookup

CVE-2021-30675 (GCVE-0-2021-30675)

Vulnerability from cvelistv5 – Published: 2021-09-08 14:26 – Updated: 2024-08-03 22:40

Summary

A memory corruption issue was addressed with improved state management. This issue is fixed in Boot Camp 6.1.14. A malicious application may be able to elevate privileges.

Severity ?

No CVSS data available.

CWE

A malicious application may be able to elevate privileges

Assigner

apple

References

URL

	Vendor	Product	Version
	Apple	Boot Camp	Affected: unspecified , < 6.1 (custom)

CERTFR-2021-AVI-389

Vulnerability from certfr_avis - Published: 2021-05-18 - Updated: 2021-05-18

Une vulnérabilité a été découverte dans Apple Boot Camp. Elle permet à un attaquant de provoquer une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Apple	N/A	Boot Camp versions antérieures à 6.1.14

References

Title

Publication Time

GSD-2021-30675

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

A memory corruption issue was addressed with improved state management. This issue is fixed in Boot Camp 6.1.14. A malicious application may be able to elevate privileges.

Aliases

CVE-2021-30675

Aliases

CVE-2021-30675

JSON

To clipboard Create KEV Entry

{
  "GSD": {
    "alias": "CVE-2021-30675",
    "description": "A memory corruption issue was addressed with improved state management. This issue is fixed in Boot Camp 6.1.14. A malicious application may be able to elevate privileges.",
    "id": "GSD-2021-30675"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-30675"
      ],
      "details": "A memory corruption issue was addressed with improved state management. This issue is fixed in Boot Camp 6.1.14. A malicious application may be able to elevate privileges.",
      "id": "GSD-2021-30675",
      "modified": "2023-12-13T01:23:30.623320Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2021-30675",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Boot Camp",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "6.1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Apple"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A memory corruption issue was addressed with improved state management. This issue is fixed in Boot Camp 6.1.14. A malicious application may be able to elevate privileges."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "A malicious application may be able to elevate privileges"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.apple.com/en-us/HT212517",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT212517"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apple:boot_camp:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.1.14",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2021-30675"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A memory corruption issue was addressed with improved state management. This issue is fixed in Boot Camp 6.1.14. A malicious application may be able to elevate privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-787"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/en-us/HT212517",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/en-us/HT212517"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2021-09-16T17:19Z",
      "publishedDate": "2021-09-08T15:15Z"
    }
  }
}

GHSA-22X4-W9QF-P8QQ

Vulnerability from github – Published: 2022-05-24 19:13 – Updated: 2022-05-24 19:13

Details

A memory corruption issue was addressed with improved state management. This issue is fixed in Boot Camp 6.1.14. A malicious application may be able to elevate privileges.

Show details on source website

JSON

To clipboard Create KEV Entry

{
  "affected": [],
  "aliases": [
    "CVE-2021-30675"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-09-08T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "A memory corruption issue was addressed with improved state management. This issue is fixed in Boot Camp 6.1.14. A malicious application may be able to elevate privileges.",
  "id": "GHSA-22x4-w9qf-p8qq",
  "modified": "2022-05-24T19:13:27Z",
  "published": "2022-05-24T19:13:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30675"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT212517"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

VAR-202109-1324

Vulnerability from variot - Updated: 2024-08-14 12:07

A memory corruption issue was addressed with improved state management. This issue is fixed in Boot Camp 6.1.14. A malicious application may be able to elevate privileges. Boot Camp Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Apple Boot Camp is an application program of Apple (Apple). A utility that comes with your Mac that lets you switch between macOS and Windows. A buffer error vulnerability exists in Apple Boot Camp due to a boundary error. A local user could run a specially crafted program to trigger memory corruption and execute arbitrary code on the system with elevated privileges. Information about the security content is also available at https://support.apple.com/HT212517.

Boot Camp Available for: Mac Pro (Late 2013 and later), MacBook Pro (Late 2013 and later), MacBook Air (Mid 2013 and later), Mac mini (Mid 2014 and later), iMac (Mid 2014 and later), MacBook (Early 2015 and later), iMac Pro (Late 2017) Impact: A malicious application may be able to elevate privileges Description: A memory corruption issue was addressed with improved state management. CVE-2021-30675: MJ0011 of Kunlun Lab

Boot Camp requires a Mac with an Intel processor.

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmCtU9MACgkQZcsbuWJ6 jjAUUQ/+I0vHJEVtBnSbfxLlD4JPMMNAa9eFsPakNkZ22OWSmHqTd93TzdJgR0KG U8whb5eMQgTqzlK+CmO2MYPcNIut+Plcte4NeLGBuSPakrux+eJLIwQr+xyX9pdU W8YEl08qV0mwbRWyyiA4o4NRwtR5OKe3nrihbqkiXc/of3jnYuvB5tPtK5WZvowC vEcdEQUOwsrTnLo3GOaO+4nFZ5t0uvdm2WZCw2Ymh695uBpEiftRBXSDqlnbigw5 qajyJ/JXwvktCyx4scB01gGO4G5kFlffcIEj8t2gMnKXtTDJNSDYXWgicobIyKKM UQzyNKAnEvNsSVpabhxUElDueoJCNTMzzDs5SJe1KYL7KLsdb9JzVLzmbPxrpdKi sn70WY90f3BsQ2tYQRpnR9vN1DADZIsV9RnsE271uia+LKl/g7DTeOe7rbkaMylU 2Ia24eLTqXE1nEEpWP+66nRrx02+xEJgLkx7Jblxc39iMpe7krU2XuifDnjuXMhr 5fScQ4WezSMcNppCtxMCnBMq3jpVDJZkcIpZ5iJgc1KMuXtfENcLj1FHQ3ekqGjq 7ac7kVfax3d3tFwz4ZCKU63rCMGoX+vmIB+DSv8H/+868zUBYTwFI6ddVIcabTtY iUQqfaOsJ1GROrcsI9++/W32O4+DilYFM/UKsQnvq9dLL3OeTw8=s7E9 -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard Create KEV Entry

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202109-1324",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "boot camp",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "6.1.14"
      },
      {
        "model": "boot camp",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      },
      {
        "model": "boot camp",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": "6.1.14"
      },
      {
        "model": "boot camp",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-013494"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-30675"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "162822"
      }
    ],
    "trust": 0.1
  },
  "cve": "CVE-2021-30675",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2021-30675",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-390408",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2021-30675",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2021-30675",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2021-30675",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2021-30675",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202104-975",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202105-1197",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-390408",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-30675",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-390408"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-30675"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-013494"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202105-1197"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-30675"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A memory corruption issue was addressed with improved state management. This issue is fixed in Boot Camp 6.1.14. A malicious application may be able to elevate privileges. Boot Camp Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Apple Boot Camp is an application program of Apple (Apple). A utility that comes with your Mac that lets you switch between macOS and Windows. A buffer error vulnerability exists in Apple Boot Camp due to a boundary error. A local user could run a specially crafted program to trigger memory corruption and execute arbitrary code on the system with elevated privileges. \nInformation about the security content is also available at\nhttps://support.apple.com/HT212517. \n\nBoot Camp\nAvailable for: Mac Pro (Late 2013 and later), MacBook Pro (Late 2013\nand later), MacBook Air (Mid 2013 and later), Mac mini (Mid 2014 and\nlater), iMac (Mid 2014 and later), MacBook (Early 2015 and later),\niMac Pro (Late 2017)\nImpact: A malicious application may be able to elevate privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2021-30675: MJ0011 of Kunlun Lab\n\n* Boot Camp requires a Mac with an Intel processor. \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmCtU9MACgkQZcsbuWJ6\njjAUUQ/+I0vHJEVtBnSbfxLlD4JPMMNAa9eFsPakNkZ22OWSmHqTd93TzdJgR0KG\nU8whb5eMQgTqzlK+CmO2MYPcNIut+Plcte4NeLGBuSPakrux+eJLIwQr+xyX9pdU\nW8YEl08qV0mwbRWyyiA4o4NRwtR5OKe3nrihbqkiXc/of3jnYuvB5tPtK5WZvowC\nvEcdEQUOwsrTnLo3GOaO+4nFZ5t0uvdm2WZCw2Ymh695uBpEiftRBXSDqlnbigw5\nqajyJ/JXwvktCyx4scB01gGO4G5kFlffcIEj8t2gMnKXtTDJNSDYXWgicobIyKKM\nUQzyNKAnEvNsSVpabhxUElDueoJCNTMzzDs5SJe1KYL7KLsdb9JzVLzmbPxrpdKi\nsn70WY90f3BsQ2tYQRpnR9vN1DADZIsV9RnsE271uia+LKl/g7DTeOe7rbkaMylU\n2Ia24eLTqXE1nEEpWP+66nRrx02+xEJgLkx7Jblxc39iMpe7krU2XuifDnjuXMhr\n5fScQ4WezSMcNppCtxMCnBMq3jpVDJZkcIpZ5iJgc1KMuXtfENcLj1FHQ3ekqGjq\n7ac7kVfax3d3tFwz4ZCKU63rCMGoX+vmIB+DSv8H/+868zUBYTwFI6ddVIcabTtY\niUQqfaOsJ1GROrcsI9++/W32O4+DilYFM/UKsQnvq9dLL3OeTw8=s7E9\n-----END PGP SIGNATURE-----\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-30675"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-013494"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "VULHUB",
        "id": "VHN-390408"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-30675"
      },
      {
        "db": "PACKETSTORM",
        "id": "162822"
      }
    ],
    "trust": 2.43
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-30675",
        "trust": 3.5
      },
      {
        "db": "PACKETSTORM",
        "id": "162822",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-013494",
        "trust": 0.8
      },
      {
        "db": "CS-HELP",
        "id": "SB2021041363",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021051802",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.1804",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202105-1197",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-390408",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-30675",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-390408"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-30675"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-013494"
      },
      {
        "db": "PACKETSTORM",
        "id": "162822"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202105-1197"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-30675"
      }
    ]
  },
  "id": "VAR-202109-1324",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-390408"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-08-14T12:07:59.754000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HT212517 Apple\u00a0 Security update",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT212517"
      },
      {
        "title": "Apple Boot Camp Buffer error vulnerability fix",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=150938"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-013494"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202105-1197"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-787",
        "trust": 1.1
      },
      {
        "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-390408"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-013494"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-30675"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "https://support.apple.com/en-us/ht212517"
      },
      {
        "trust": 1.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30675"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/162822/apple-security-advisory-2021-05-25-8.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021051802"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.1804"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/787.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "http://seclists.org/fulldisclosure/2021/may/66"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht212517."
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-390408"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-30675"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-013494"
      },
      {
        "db": "PACKETSTORM",
        "id": "162822"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202105-1197"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-30675"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-390408"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-30675"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-013494"
      },
      {
        "db": "PACKETSTORM",
        "id": "162822"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202105-1197"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-30675"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-09-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-390408"
      },
      {
        "date": "2021-09-08T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-30675"
      },
      {
        "date": "2022-09-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-013494"
      },
      {
        "date": "2021-05-26T17:46:26",
        "db": "PACKETSTORM",
        "id": "162822"
      },
      {
        "date": "2021-04-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2021-05-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202105-1197"
      },
      {
        "date": "2021-09-08T15:15:14.030000",
        "db": "NVD",
        "id": "CVE-2021-30675"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-09-16T00:00:00",
        "db": "VULHUB",
        "id": "VHN-390408"
      },
      {
        "date": "2021-09-16T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-30675"
      },
      {
        "date": "2022-09-14T05:55:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-013494"
      },
      {
        "date": "2021-04-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2021-09-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202105-1197"
      },
      {
        "date": "2021-09-16T17:19:29.750000",
        "db": "NVD",
        "id": "CVE-2021-30675"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202105-1197"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Boot\u00a0Camp\u00a0 Out-of-bounds write vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-013494"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2021-30675

Vulnerability from fkie_nvd - Published: 2021-09-08 15:15 - Updated: 2024-11-21 06:04

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

A memory corruption issue was addressed with improved state management. This issue is fixed in Boot Camp 6.1.14. A malicious application may be able to elevate privileges.

References

	URL	Tags
	product-security@apple.com	https://support.apple.com/en-us/HT212517	Release Notes, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT212517	Release Notes, Vendor Advisory

Impacted products

	Vendor	Product	Version
	apple	boot_camp	*

JSON

To clipboard Create KEV Entry

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:boot_camp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "83935DBD-C671-430D-AFB2-0874F430D122",
              "versionEndExcluding": "6.1.14",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A memory corruption issue was addressed with improved state management. This issue is fixed in Boot Camp 6.1.14. A malicious application may be able to elevate privileges."
    },
    {
      "lang": "es",
      "value": "Se abord\u00f3 un problema de corrupci\u00f3n de la memoria con una administraci\u00f3n de estado mejorada. Este problema es corregido en Boot Camp versi\u00f3n 6.1.14. Una aplicaci\u00f3n maliciosa puede ser capaz de elevar privilegios"
    }
  ],
  "id": "CVE-2021-30675",
  "lastModified": "2024-11-21T06:04:24.880",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-09-08T15:15:14.030",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT212517"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT212517"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-30675 (GCVE-0-2021-30675)

CERTFR-2021-AVI-389

Solution

GSD-2021-30675

GHSA-22X4-W9QF-P8QQ

VAR-202109-1324

FKIE_CVE-2021-30675

Tags

Sightings

Nomenclature