CVE-2022-22674
Published: 26 May 2022
Summary
CVE-2022-22674 is a medium-severity Out-of-bounds Read (CWE-125) vulnerability in Apple Mac OS X. Its CVSS base score is 5.5 (Medium).
Operationally, it ranks at the 44.4th percentile by exploit likelihood (below the median); CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
An out-of-bounds read vulnerability, tracked as CVE-2022-22674 and assigned CWE-125, affects the kernel on Apple macOS systems. The flaw permits disclosure of kernel memory contents due to insufficient input validation and carries a CVSS 3.1 score of 5.5, reflecting local access requirements. It is resolved in macOS Monterey 12.3.1, Security Update 2022-004 Catalina, and macOS Big Sur 11.6.6.
A local user with a valid account on an affected macOS host can trigger the condition to read arbitrary kernel memory without user interaction or elevated privileges beyond standard local access. This information disclosure could expose sensitive kernel data structures that aid further attacks, though the vulnerability itself does not permit direct code execution or privilege escalation.
Apple security advisories HT213220, HT213255, and HT213256 confirm the issue is fixed through improved input validation in the listed macOS releases and direct administrators to install the updates to eliminate the exposure. The current EPSS score of 0.0022 indicates limited observed exploitation interest.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-27819
Vulnerability details
An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Monterey 12.3.1, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6. A local user may be able to read kernel memory.
- CWE(s)
- KEV Date Added: 04 April 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
Directly addresses the root cause of insufficient input validation that permitted the out-of-bounds kernel memory read.
Enforces memory protection boundaries to block unauthorized reads of kernel memory by user-space processes.
Requires process isolation so that a low-privileged local process cannot directly access kernel address space.