CVE-2022-32811

A memory corruption vulnerability was addressed with improved locking. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina. An app may be able to execute arbitrary code with kernel privileges.

Weakness

The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

Affected Software

Extended Description

Locking is a type of synchronization behavior that ensures that multiple independently-operating processes or threads do not interfere with each other when accessing the same resource. All processes/threads are expected to follow the same steps for locking. If these steps are not followed precisely - or if no locking is done at all - then another process/thread could modify the shared resource in a way that is not visible or predictable to the original process. This can lead to data or memory corruption, denial of service, etc.

NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-32811
CWE	https://cwe.mitre.org/data/definitions/667.html

Improper Locking

Weakness

Affected Software

Extended Description

Potential Mitigations

References

Name	Vendor	Start Version	End Version
Mac_os_x	Apple	10.15.7-security_update_2020-001 (including)	10.15.7-security_update_2020-001 (including)
Mac_os_x	Apple	10.15.7-security_update_2021-001 (including)	10.15.7-security_update_2021-001 (including)
Mac_os_x	Apple	10.15.7-security_update_2021-002 (including)	10.15.7-security_update_2021-002 (including)
Mac_os_x	Apple	10.15.7-security_update_2021-003 (including)	10.15.7-security_update_2021-003 (including)
Mac_os_x	Apple	10.15.7-security_update_2021-004 (including)	10.15.7-security_update_2021-004 (including)
Mac_os_x	Apple	10.15.7-security_update_2021-005 (including)	10.15.7-security_update_2021-005 (including)
Mac_os_x	Apple	10.15.7-security_update_2021-006 (including)	10.15.7-security_update_2021-006 (including)
Mac_os_x	Apple	10.15.7-security_update_2021-007 (including)	10.15.7-security_update_2021-007 (including)
Mac_os_x	Apple	10.15.7-security_update_2021-008 (including)	10.15.7-security_update_2021-008 (including)
Mac_os_x	Apple	10.15.7-security_update_2022-001 (including)	10.15.7-security_update_2022-001 (including)
Mac_os_x	Apple	10.15.7-security_update_2022-002 (including)	10.15.7-security_update_2022-002 (including)
Mac_os_x	Apple	10.15.7-security_update_2022-003 (including)	10.15.7-security_update_2022-003 (including)
Macos	Apple	*	10.15.7 (excluding)
Macos	Apple	11.0 (including)	11.6.8 (excluding)
Macos	Apple	12.0 (including)	12.5 (excluding)
Macos	Apple	10.15.7 (including)	10.15.7 (including)
Macos	Apple	10.15.7-security_update_2022-004 (including)	10.15.7-security_update_2022-004 (including)

CVE-2022-32811

Improper Locking

Weakness

Affected Software

Extended Description

Potential Mitigations

Related Attack Patterns

References