CVE-2023-23514

CVSS V2 None CVSS V3 None
Description
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.2.1, iOS 16.3.1 and iPadOS 16.3.1. An app may be able to execute arbitrary code with kernel privileges..
Overview
  • CVE ID
  • CVE-2023-23514
  • Assigner
  • product-security@apple.com
  • Vulnerability Status
  • Modified
  • Published Version
  • 2023-02-27T20:15:14
  • Last Modified Date
  • 2023-03-28T05:15:15
Weakness Enumerations
CWE URL
CWE-416 http://cwe.mitre.org/data/definitions/416.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* 1 OR 16.3.1
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* 1 OR 16.3.1
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* 1 OR 13.0 13.2.1
References
Reference URL Reference Tags
http://packetstormsecurity.com/files/171359/XNU-NFSSVC-Root-Check-Bypass-Use-After-Free.html
http://seclists.org/fulldisclosure/2023/Mar/17
http://seclists.org/fulldisclosure/2023/Mar/18
http://seclists.org/fulldisclosure/2023/Mar/21
https://support.apple.com/en-us/HT213633 Vendor Advisory
https://support.apple.com/en-us/HT213635 Vendor Advisory
https://support.apple.com/kb/HT213670
https://support.apple.com/kb/HT213675
https://support.apple.com/kb/HT213677
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2023-23514
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23514
History
Created Old Value New Value Data Type Notes
2023-04-17 05:38:23 Added to TrackCVE
2023-04-17 05:38:26 Weakness Enumeration new