The kernel in Apple iOS before 6.1 and Apple TV before 5.2 does not properly validate copyin and copyout arguments, which allows local users to bypass intended pointer restrictions and access locations in the first kernel-memory page by specifying a length of less than one page.
2013-01-29T05:58:54.930
2025-04-11T00:51:21.963
Deferred
CVSSv2: 3.6 (LOW)
AV:L/AC:L/Au:N/C:P/I:P/A:N
3.9
4.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | apple | tvos | ≤ 5.1.1 | Yes |
| Operating System | apple | tvos | 1.0.0 | Yes |
| Operating System | apple | tvos | 1.1.0 | Yes |
| Operating System | apple | tvos | 2.0.0 | Yes |
| Operating System | apple | tvos | 2.0.1 | Yes |
| Operating System | apple | tvos | 2.0.2 | Yes |
| Operating System | apple | tvos | 2.1.0 | Yes |
| Operating System | apple | tvos | 2.2.0 | Yes |
| Operating System | apple | tvos | 2.3.0 | Yes |
| Operating System | apple | tvos | 2.3.1 | Yes |
| Operating System | apple | tvos | 2.4.0 | Yes |
| Operating System | apple | tvos | 3.0.0 | Yes |
| Operating System | apple | tvos | 3.0.1 | Yes |
| Operating System | apple | tvos | 3.0.2 | Yes |
| Operating System | apple | tvos | 4.1.0 | Yes |
| Operating System | apple | tvos | 4.1.1 | Yes |
| Operating System | apple | tvos | 4.2.0 | Yes |
| Operating System | apple | tvos | 4.2.1 | Yes |
| Operating System | apple | tvos | 4.2.2 | Yes |
| Operating System | apple | tvos | 4.3.0 | Yes |
| Operating System | apple | tvos | 4.4.0 | Yes |
| Operating System | apple | tvos | 4.4.2 | Yes |
| Operating System | apple | tvos | 4.4.3 | Yes |
| Operating System | apple | tvos | 4.4.4 | Yes |
| Operating System | apple | tvos | 5.0.0 | Yes |
| Operating System | apple | tvos | 5.0.1 | Yes |
| Operating System | apple | tvos | 5.0.2 | Yes |
| Operating System | apple | tvos | 5.1.0 | Yes |
| Operating System | apple | iphone_os | ≤ 6.0.2 | Yes |
| Operating System | apple | iphone_os | 6.0 | Yes |
| Operating System | apple | iphone_os | 6.0.1 | Yes |