CVE-2018-4230
Apple macOS Kernel - Use-After-Free Due to Lack of Locking in nvidia GeForce Driver
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "NVIDIA Graphics Drivers" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that triggers a SetAppSupportBits use-after-free because of a race condition.
Se ha descubierto un problema en algunos productos Apple. Las versiones de macOS anteriores a la 10.13.5 se han visto afectadas. El problema afecta al componente "NVIDIA Graphics Driver". Permite a los atacantes ejecutar código arbitrario en un contexto privilegiado mediante una app manipulada que desencadena un uso de memoria previamente liberada en SetAppSupportBits debido a una condición de carrera.
The macOS kernel suffers from a use-after-free vulnerability due to a lack of locking in the nvidia GeForce driver.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-01-02 CVE Reserved
- 2018-06-01 CVE Published
- 2023-10-30 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://www.securitytracker.com/id/1041027 | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/44847 | 2024-08-05 | |
| https://bugs.chromium.org/p/project-zero/issues/detail?id=1549 | 2024-08-05 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://support.apple.com/HT208849 | 2018-07-13 |