CVE-2015-5842 - OpenCVE

XNU in the kernel in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows local users to obtain sensitive memory-layout information via unknown vectors.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Iphone Os Mac Os X Watchos

Configuration 1 [-]

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:apple:watchos:1.0:*:*:*:*:*:*:*

Configuration 3 [-]

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html
http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html
http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
http://www.securityfocus.com/bid/76764
http://www.securitytracker.com/id/1033609
https://support.apple.com/HT205212
https://support.apple.com/HT205213
https://support.apple.com/HT205267

History

No history.

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2015-09-18T10:00:00

Updated: 2024-08-06T07:06:33.424Z

Reserved: 2015-08-06T00:00:00

Link: CVE-2015-5842

Vulnrichment

No data.

NVD

Status : Modified

Published: 2015-09-18T10:59:56.627

Modified: 2016-12-22T03:00:09.433

Link: CVE-2015-5842

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-09-16T00:00:00", "descriptions": [{"lang": "en", "value": "XNU in the kernel in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows local users to obtain sensitive memory-layout information via unknown vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-20T16:57:01", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple"}, "references": [{"name": "1033609", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1033609"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/HT205212"}, {"name": "APPLE-SA-2015-09-30-3", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"}, {"name": "76764", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/76764"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/HT205267"}, {"name": "APPLE-SA-2015-09-21-1", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/HT205213"}, {"name": "APPLE-SA-2015-09-16-1", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "product-security@apple.com", "ID": "CVE-2015-5842", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "XNU in the kernel in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows local users to obtain sensitive memory-layout information via unknown vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1033609", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1033609"}, {"name": "https://support.apple.com/HT205212", "refsource": "CONFIRM", "url": "https://support.apple.com/HT205212"}, {"name": "APPLE-SA-2015-09-30-3", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"}, {"name": "76764", "refsource": "BID", "url": "http://www.securityfocus.com/bid/76764"}, {"name": "https://support.apple.com/HT205267", "refsource": "CONFIRM", "url": "https://support.apple.com/HT205267"}, {"name": "APPLE-SA-2015-09-21-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html"}, {"name": "https://support.apple.com/HT205213", "refsource": "CONFIRM", "url": "https://support.apple.com/HT205213"}, {"name": "APPLE-SA-2015-09-16-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T07:06:33.424Z"}, "title": "CVE Program Container", "references": [{"name": "1033609", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1033609"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/HT205212"}, {"name": "APPLE-SA-2015-09-30-3", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"}, {"name": "76764", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/76764"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/HT205267"}, {"name": "APPLE-SA-2015-09-21-1", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/HT205213"}, {"name": "APPLE-SA-2015-09-16-1", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html"}]}]}, "cveMetadata": {"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2015-5842", "datePublished": "2015-09-18T10:00:00", "dateReserved": "2015-08-06T00:00:00", "dateUpdated": "2024-08-06T07:06:33.424Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "ED0C640E-6836-4C93-BBB3-84B61E5EBB7B", "versionEndIncluding": "8.4.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:watchos:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "C95BB8B9-BD8F-4688-8B29-6C6FB4E2F607", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "0C5FF5EF-B5D2-4BFE-8C0E-DF1F99F3989D", "versionEndIncluding": "10.10.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "XNU in the kernel in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows local users to obtain sensitive memory-layout information via unknown vectors."}, {"lang": "es", "value": "Vulnerabilidad en XNU en el kernel en Apple iOS en versiones anteriores a 9, no inicializa adecuadamente una estructura de datos no especificada, lo que permite a usuarios locales obtener informaci\u00f3n sensible de la estructura de memoria a trav\u00e9s de vectores desconocidos."}], "id": "CVE-2015-5842", "lastModified": "2016-12-22T03:00:09.433", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-09-18T10:59:56.627", "references": [{"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"}, {"source": "product-security@apple.com", "url": "http://www.securityfocus.com/bid/76764"}, {"source": "product-security@apple.com", "url": "http://www.securitytracker.com/id/1033609"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/HT205212"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/HT205213"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/HT205267"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}