CVE-2021-30805: Input Validation
Published Jul 21, 2021
·Updated
A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. An application may be able to execute arbitrary code with kernel privileges.
Credit
ABC Research s.r.o, Denis Tokarev@@illusionofcha0s, hjy79425575(Trend Micro Zero Day Initiative), Csaba Fitzl@@theevilbit(Offensive Security), tr3e, George Nosenko, JunDong Xie(Ant Security Light), ryuzaki, Zhongcheng Li (CK01), Ron Waisberg@@epsilan, Tim Michaud@@TimGMichaud(Zoom Video Communications), Gary Nield(ECSC Group plc), Mickey Jin@@patch1t(Trend Micro), Sunglin(Knownsec 404 team), Yizhuo Wang(Group of Software Security In Progress), Linus Henze (pinauten.de), Wojciech Reguła@@_r3ggi(SecuRing), tr3e(Trend Micro Zero Day Initiative), Matt Shockley (twitter.com/mattshockl)(Offensive Security), Jzhu(Baidu Security), Ye Zhang@@co0py_Cat(Baidu Security), CFF(Topsec Alpha Team), Anonymous(Trend Micro Zero Day Initiative), Liu Long(Ant Security Light), Yinyi Wu@@3ndy1(Qihoo 360 Vulcan Team), Zuozhi Fan@@pattern_F_(Ant Security TianQiong Lab), CVE-2021-3518, Georgi Valkov (httpstorm.com), Mickey Jin@@patch1t(Trend Micro working with Trend Micro Zero Day Initiative), Christoph Guttandin(Media Codings), Sergei Glazunov(Google Project Zero), Ivan Fratric(Google Project Zero)
Affected Software
34 affected componentsFixes available
Apple macOS Big Sur<11.5
11.5
Apple Catalina
Apple Mojave
Apple iOS and macOS>=10.14<=10.14.6
Apple iOS and macOS>=10.15<=10.15.7
Apple iOS and macOS=10.14.6-security_update_2019-001
Apple iOS and macOS=10.14.6-security_update_2019-002
Apple iOS and macOS=10.14.6-security_update_2019-004
Apple iOS and macOS=10.14.6-security_update_2019-005
Apple iOS and macOS=10.14.6-security_update_2019-006
Apple iOS and macOS=10.14.6-security_update_2019-007
Apple iOS and macOS=10.14.6-security_update_2020-001
Apple iOS and macOS=10.14.6-security_update_2020-002
Apple iOS and macOS=10.14.6-security_update_2020-003
Apple iOS and macOS=10.14.6-security_update_2020-004
Apple iOS and macOS=10.14.6-security_update_2020-005
Apple iOS and macOS=10.14.6-security_update_2020-006
Apple iOS and macOS=10.14.6-security_update_2020-007
Apple iOS and macOS=10.14.6-security_update_2021-001
Apple iOS and macOS=10.14.6-security_update_2021-002
Apple iOS and macOS=10.14.6-security_update_2021-003
Apple iOS and macOS=10.14.6-security_update_2021-004
Apple iOS and macOS=10.14.6-supplemental_update
Apple iOS and macOS=10.14.6-supplemental_update_2
Apple iOS and macOS=10.15.6-supplemental_update
Apple iOS and macOS=10.15.7-security_update_2020
Apple iOS and macOS=10.15.7-security_update_2020-001
Apple iOS and macOS=10.15.7-security_update_2020-005
Apple iOS and macOS=10.15.7-security_update_2020-007
Apple iOS and macOS=10.15.7-security_update_2021-001
Apple iOS and macOS=10.15.7-security_update_2021-002
Apple iOS and macOS=10.15.7-security_update_2021-003
Apple iOS and macOS=10.15.7-supplemental_update
Apple macOS>=11.0<11.5
Event History
Jul 21, 2021
Data Sourced
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Sep 8, 2021
CVE Published
via MITRE·01:39 PM
Data Sourced
via MITRE·01:39 PM
DescriptionWeakness
Frequently Asked Questions
1
What is CVE-2021-30805?
CVE-2021-30805 is a vulnerability in the AMD Kernel that allows for a memory corruption issue due to a lack of input validation.
2
What software versions are affected by CVE-2021-30805?
CVE-2021-30805 affects Apple Mojave, Apple Catalina, and Apple macOS Big Sur versions up to 11.5.
3
How can I fix CVE-2021-30805?
To fix CVE-2021-30805, update your Apple operating system to version 11.5 or later.
4
Where can I find more information about CVE-2021-30805?
You can find more information about CVE-2021-30805 on the Apple support website. Here are some relevant references: