CVE-2022-22638

A null pointer dereference was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An attacker in a privileged position may be able to perform a denial of service attack.

Weakness

The product dereferences a pointer that it expects to be valid but is NULL.

Affected Software

Name	Vendor	Start Version	End Version
Ipados	Apple	*	15.4 (excluding)
Iphone_os	Apple	*	15.4 (excluding)
Mac_os_x	Apple	10.15 (including)	10.15.7 (excluding)
Mac_os_x	Apple	10.15.7-security_update_2022-001 (including)	10.15.7-security_update_2022-001 (including)
Mac_os_x	Apple	10.15.7-security_update_2022-002 (including)	10.15.7-security_update_2022-002 (including)
Macos	Apple	11.6 (including)	11.6.5 (excluding)
Macos	Apple	12.0 (including)	12.3 (excluding)
Macos	Apple	10.15.7 (including)	10.15.7 (including)
Tvos	Apple	*	15.4 (excluding)
Watchos	Apple	*	8.5 (excluding)

Potential Mitigations

References

https://support.apple.com/en-us/HT213182
https://support.apple.com/en-us/HT213183
https://support.apple.com/en-us/HT213184
https://support.apple.com/en-us/HT213185
https://support.apple.com/en-us/HT213186
https://support.apple.com/en-us/HT213193
https://support.apple.com/en-us/HT213182
https://support.apple.com/en-us/HT213183
https://support.apple.com/en-us/HT213184
https://support.apple.com/en-us/HT213185
https://support.apple.com/en-us/HT213186
https://support.apple.com/en-us/HT213193

NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-22638
CWE	https://cwe.mitre.org/data/definitions/476.html

NULL Pointer Dereference

Weakness

Affected Software

Potential Mitigations

References