CVE-2020-27897: Apple macOS AppleIntelKBLGraphics IOCTL 0x10003 Out-Of-Bounds Write Privilege Escalation Vulnerability

Q: What is CVE-2020-27897?

CVE-2020-27897 is an out-of-bounds write vulnerability in the Intel Graphics Driver that has been addressed with improved bounds checking.

Q: What is the severity of CVE-2020-27897?

The severity of CVE-2020-27897 is not specified in the provided information.

Q: What software versions are affected by CVE-2020-27897?

CVE-2020-27897 affects macOS Big Sur versions up to and including 11.0.1, and macOS Catalina and Mojave are also potentially affected.

Q: How can I mitigate CVE-2020-27897?

To mitigate CVE-2020-27897, update your macOS Big Sur to version 11.1 or later when available, as Apple has addressed this vulnerability in macOS Big Sur 11.1.

Q: Where can I find more information about CVE-2020-27897?

More information about CVE-2020-27897 can be found on the Apple support page: [https://support.apple.com/en-us/HT212011](https://support.apple.com/en-us/HT212011)

Published Nov 12, 2020

Updated

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. An application may be able to execute arbitrary code with kernel privileges.

Other sources

Intel Graphics Driver. An out-of-bounds write issue was addressed with improved bounds checking.

This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of IOCTL 0x10003 in the AppleIntelKBLGraphics kext. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel.

Credit

ABC Research s.r.o.(Trend Micro Zero Day Initiative), Xiaolong Bai, Min (Spark) Zheng(Alibaba Inc), Luyi Xing(Indiana University Bloomington)

Affected Software

21 affected componentsFixes available

Apple macOS Big Sur<11.0.1

11.0.1

Apple macOS Big Sur<11.1

11.1

Apple Catalina

Apple Mojave

Apple iOS and macOS>=10.14<10.14.6

Apple iOS and macOS>=10.15<10.15.7

Apple iOS and macOS=10.14.6

Apple iOS and macOS=10.14.6-security_update_2019-001

Apple iOS and macOS=10.14.6-security_update_2019-002

Apple iOS and macOS=10.14.6-security_update_2020-001

Apple iOS and macOS=10.14.6-security_update_2020-002

Apple iOS and macOS=10.14.6-security_update_2020-003

Apple iOS and macOS=10.14.6-security_update_2020-004

Apple iOS and macOS=10.14.6-security_update_2020-005

Apple iOS and macOS=10.14.6-security_update_2020-006

Apple iOS and macOS=10.14.6-supplemental_update

Apple iOS and macOS=10.14.6-supplemental_update_2

Apple iOS and macOS=10.15.7

Apple iOS and macOS=10.15.7-supplemental_update

Apple macOS>=11.0<11.1

Apple macOS

Event History

Apr 2, 2021

CVE Published

via MITRE·05:26 PM

Data Sourced

via MITRE·05:26 PM

DescriptionWeakness

Mar 24, 2025

Advisory Published

via ZDI·11:02 PM

Parent advisories

This vulnerability appears in the following advisories.

Peer vulnerabilities

Found alongside the following vulnerabilities.

CVE-2020-27914
CVE-2020-27915
CVE-2020-27903
CVE-2020-27910
CVE-2020-27916
CVE-2020-9943
CVE-2020-9944
CVE-2020-27906
CVE-2020-27945
CVE-2020-27908
CVE-2020-27909
CVE-2020-9960
CVE-2020-10017
CVE-2020-9949
CVE-2020-9897
CVE-2020-9883
CVE-2020-10003
CVE-2020-27922
CVE-2020-9999
CVE-2020-27937
CVE-2020-9965
CVE-2020-9966
CVE-2020-27894
CVE-2020-36615
CVE-2021-1790
CVE-2021-1775
CVE-2020-29629
CVE-2020-27942
CVE-2020-9962
CVE-2020-27952
CVE-2020-9956
CVE-2020-27931
CVE-2020-27930
CVE-2020-27927
CVE-2020-29639
CVE-2020-10002
CVE-2020-9978
CVE-2020-9955
CVE-2020-27924
CVE-2020-27912
CVE-2020-27923
CVE-2020-9876
CVE-2020-10015
CVE-2020-27897
CVE-2020-27907
CVE-2020-27919
CVE-2020-9967
CVE-2020-9975
CVE-2020-27921
CVE-2020-27904
CVE-2019-14899
CVE-2020-27950
CVE-2020-9974
CVE-2020-10016
CVE-2020-27932
CVE-2020-27917
CVE-2020-27920
CVE-2020-27911
CVE-2020-9971
CVE-2020-10014
CVE-2020-10010
CVE-2020-9941
CVE-2020-9988
CVE-2020-9989
CVE-2020-10011
CVE-2020-13524
CVE-2020-10004
CVE-2020-9996
CVE-2020-27901
CVE-2020-27900
CVE-2019-20838
CVE-2020-14155
CVE-2020-10007
CVE-2020-27896
CVE-2020-9963
CVE-2020-10012
CVE-2020-10663
CVE-2020-9945
CVE-2020-9977
CVE-2020-9942
CVE-2020-9987
CVE-2021-1803
CVE-2020-9969
CVE-2020-27893
CVE-2021-1755
CVE-2020-10005
CVE-2020-9991
CVE-2020-9849
CVE-2020-15358
CVE-2020-13631
CVE-2020-13434
CVE-2020-13435
CVE-2020-13630
CVE-2020-27899
CVE-2020-10009
CVE-2020-10008
CVE-2020-27918
CVE-2020-9947
CVE-2020-9950
CVE-2020-27898
CVE-2020-27935
CVE-2020-10006
CVE-2020-27936
CVE-2020-27941
CVE-2020-29621
CVE-2020-29610
CVE-2020-27948
CVE-2020-10001
CVE-2020-27946
CVE-2020-27943
CVE-2020-27944
CVE-2020-29624
CVE-2020-29608
CVE-2020-27947
CVE-2020-29612
CVE-2020-27939
CVE-2020-29625
CVE-2020-29615
CVE-2020-29616
CVE-2020-29618
CVE-2020-29611
CVE-2020-29617
CVE-2020-29619
CVE-2020-27949
CVE-2020-29620
CVE-2020-27926
CVE-2020-29633
CVE-2020-29614
CVE-2020-13520
CVE-2020-9972
CVE-2020-27938
CVE-2020-29623
CVE-2020-15969

Frequently Asked Questions

What is CVE-2020-27897?

CVE-2020-27897 is an out-of-bounds write vulnerability in the Intel Graphics Driver that has been addressed with improved bounds checking.

What is the severity of CVE-2020-27897?