|CVSS SCORE||4.9, (AV:L/AC:L/Au:N/C:C/I:N/A:N)|
The specific flaw exists within IOCommandQueue. The process does not properly validate user-supplied data which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges under the context of the kernel.
Apple has issued an update to correct this vulnerability. More details can be found at:
|CREDIT||Qidan He(@flanker_hqd) from KeenLab