CVE-2013-0964

medium

Description

The kernel in Apple iOS before 6.1 and Apple TV before 5.2 does not properly validate copyin and copyout arguments, which allows local users to bypass intended pointer restrictions and access locations in the first kernel-memory page by specifying a length of less than one page.

References

http://www.securityfocus.com/bid/57595

http://support.apple.com/kb/HT5643

http://support.apple.com/kb/HT5642

http://osvdb.org/89659

http://lists.apple.com/archives/security-announce/2013/Jan/msg00001.html

http://lists.apple.com/archives/security-announce/2013/Jan/msg00000.html

Details

Source: Mitre, NVD

Published: 2013-01-29

Updated: 2019-03-08

Risk Information

CVSS v2

Base Score: 3.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:N

Severity: Low

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Severity: Medium