com_apple_AVEBridge::submitData NULL Pointer Dereference

Product Apple macOS 10.13.1
Severity Low
CVE Reference CVE-2017-13858
Type Memory Corruption

Description

A NULL pointer dereference issue was identified within the ‘com.apple.AVEBridge’ IOKit kernel extension driver. 

Impact

On systems without SMAP/SMEP it is expected this could be used to achieve kernel code execution. However, on modern systems with these protections, this issue is limited to a denial of service. 

Cause

The com_apple_AVEBridge::submitData function was found to perform insufficient input validation. 

Interim Workaround

N/A

Solution

Users should apply the released security update from Apple (https://support.apple.com/en-gb/HT208331). 

Technical details

Please refer to the attached advisory. 

Disclosure Timeline

Date Summary
2017-09-25 Issue reported to vendor
2017-12-06 Vendor issues patch
2018-01-19 MWR Labs releases advisory