CVE-2020-27936

7.1 HIGH

📋 TL;DR

CVE-2020-27936 is an out-of-bounds read vulnerability in the macOS kernel that allows a local user to read kernel memory or crash the system. It affects macOS Catalina, macOS Mojave, and macOS Big Sur 11.0 and earlier. An attacker with local access can potentially read sensitive kernel data.

💻 Affected Systems

Products:
  • macOS
Versions: macOS Big Sur 11.0 and earlier, macOS Catalina, macOS Mojave
Operating Systems: macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations of affected macOS versions are vulnerable. Requires local user access to exploit.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Local privilege escalation leading to full system compromise, kernel memory disclosure exposing sensitive system information, or persistent denial of service through system crashes.

🟠 Likely Case

Local user causing system crashes (kernel panics) or reading limited kernel memory to gather system information for further attacks.

🟢 If Mitigated

Limited impact with proper access controls restricting local user privileges and timely patching preventing exploitation.

🌐 Internet-Facing: LOW - This is a local vulnerability requiring user access to the system, not remotely exploitable.
🏢 Internal Only: MEDIUM - Internal users with local access could exploit this, but requires existing system access and privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local user access and knowledge of kernel memory structures. No public exploit code available at disclosure.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave

Vendor Advisory: https://support.apple.com/en-us/HT212011

Restart Required: Yes

Instructions:

1. Open System Preferences > Software Update.
2. Install available security updates.
3. Restart the system when prompted.
4. Verify the update is installed via About This Mac > System Report.

🔧 Temporary Workarounds

Restrict Local User Access (all affected versions)

Limit local user accounts and privileges to reduce the attack surface.

🧯 If You Can't Patch

  • Implement strict access controls to limit local user privileges
  • Monitor system logs for kernel panic events and unusual local user activity

🔍 How to Verify

Check if Vulnerable:

Check macOS version via 'sw_vers' command or About This Mac > Overview

Check Version:

sw_vers

Verify Fix Applied:

Verify that the macOS version is 11.1 or later on Big Sur, or confirm that Security Update 2020-001 (Catalina) or Security Update 2020-007 (Mojave) appears in the System Report installation list.
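To automate the version check above, here is an added shell example (not from the advisory or from Apple) that classifies a `sw_vers -productVersion` string against the fix levels this advisory lists; the function names are this example's own.

```shell
#!/bin/sh
# Classify a macOS ProductVersion against the CVE-2020-27936 fix levels.
# Big Sur: fixed in 11.1, so the version string alone decides.
# Catalina (10.15) / Mojave (10.14): the fix ships as a Security Update
# (2020-001 Catalina, 2020-007 Mojave) that does not change ProductVersion,
# so for those the script can only tell you to confirm it in System Report.

# version_ge A B: succeed when dotted numeric version A >= B.
version_ge() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ac=${a%%.*}; bc=${b%%.*}
        [ -z "$ac" ] && ac=0           # missing component counts as 0
        [ -z "$bc" ] && bc=0
        [ "$ac" -gt "$bc" ] && return 0
        [ "$ac" -lt "$bc" ] && return 1
        case "$a" in *.*) a=${a#*.} ;; *) a="" ;; esac
        case "$b" in *.*) b=${b#*.} ;; *) b="" ;; esac
    done
    return 0
}

# Print one of: patched, vulnerable, check-security-update, not-listed.
cve_2020_27936_status() {
    v="$1"
    case "$v" in
        11|11.*)
            if version_ge "$v" "11.1"; then echo patched; else echo vulnerable; fi ;;
        10.15|10.15.*|10.14|10.14.*)
            echo check-security-update ;;  # confirm the Security Update in System Report
        10.16|10.16.*)
            # Big Sur reports 10.16 when SYSTEM_VERSION_COMPAT=1 is set, which
            # hides the point release; fall back to the Security Update check.
            echo check-security-update ;;
        1[2-9].*|[2-9][0-9].*)
            echo patched ;;                # releases after Big Sur 11.1
        *)  echo not-listed ;;             # not an affected version per this advisory
    esac
}

# Run against the local machine (macOS only); sw_vers -productVersion prints e.g. 11.0.1
check_this_mac() {
    cve_2020_27936_status "$(sw_vers -productVersion)"
}
```

Call `check_this_mac` on the host in question; a `check-security-update` result means the version string cannot prove the fix and the System Report check above is still required.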

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs in /Library/Logs/DiagnosticReports
  • System crash reports
  • Unexpected system restarts

Network Indicators:

  • No network indicators - local vulnerability only

SIEM Query:

source="macos" AND (event_type="kernel_panic" OR message="panic" OR message="system crash")

🔗 References