CVE-2024-23296 (GCVE-0-2024-23296)

Vulnerability from cvelistv5 – Published: 2024-03-05 19:24 – Updated: 2025-11-04 18:28
VLAI?
Summary
A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.
Severity ?
7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE
  • An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.
Assigner
References
Impacted products
Vendor Product Version
Apple iOS and iPadOS Affected: unspecified , < 17.4 (custom)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:apple:ipad_os:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ipad_os",
            "vendor": "apple",
            "versions": [
              {
                "lessThan": "17.4",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "iphone_os",
            "vendor": "apple",
            "versions": [
              {
                "lessThan": "17.4",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:apple:macos:14.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "macos",
            "vendor": "apple",
            "versions": [
              {
                "lessThan": "14.4",
                "status": "affected",
                "version": "14.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:apple:tvos:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "tvos",
            "vendor": "apple",
            "versions": [
              {
                "lessThan": "17.4",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:apple:visionos:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "visionos",
            "vendor": "apple",
            "versions": [
              {
                "lessThan": "1.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "watchos",
            "vendor": "apple",
            "versions": [
              {
                "lessThan": "10.4",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-23296",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-09T05:00:52.848270Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2024-03-06",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-23296"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-787",
                "description": "CWE-787 Out-of-bounds Write",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:05:23.256Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-23296"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2024-03-06T00:00:00+00:00",
            "value": "CVE-2024-23296 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T18:28:31.800Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT214081"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT214088"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT214084"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT214086"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT214087"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Mar/18"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Mar/21"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Mar/25"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Mar/24"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Mar/26"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT214107"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/May/11"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/May/13"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT214100"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT214118"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Jul/20"
          },
          {
            "url": "https://support.apple.com/kb/HT214081"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "iOS and iPadOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "17.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-29T22:07:07.727Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "url": "https://support.apple.com/en-us/HT214081"
        },
        {
          "url": "https://support.apple.com/kb/HT214088"
        },
        {
          "url": "https://support.apple.com/kb/HT214084"
        },
        {
          "url": "https://support.apple.com/kb/HT214086"
        },
        {
          "url": "https://support.apple.com/kb/HT214087"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2024/Mar/18"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2024/Mar/21"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2024/Mar/25"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2024/Mar/24"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2024/Mar/26"
        },
        {
          "url": "https://support.apple.com/kb/HT214107"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2024/May/11"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2024/May/13"
        },
        {
          "url": "https://support.apple.com/kb/HT214100"
        },
        {
          "url": "https://support.apple.com/kb/HT214118"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2024/Jul/20"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2024-23296",
    "datePublished": "2024-03-05T19:24:13.999Z",
    "dateReserved": "2024-01-12T22:22:21.502Z",
    "dateUpdated": "2025-11-04T18:28:31.800Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2024-23296",
      "cwes": "[\"CWE-787\"]",
      "dateAdded": "2024-03-06",
      "dueDate": "2024-03-27",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://support.apple.com/en-us/HT214081, https://support.apple.com/en-us/HT214082, https://support.apple.com/en-us/HT214084, https://support.apple.com/en-us/HT214086, https://support.apple.com/en-us/HT214088  ;  https://nvd.nist.gov/vuln/detail/CVE-2024-23296",
      "product": "Multiple Products",
      "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
      "shortDescription": "Apple iOS, iPadOS, macOS, tvOS, and watchOS RTKit contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections.",
      "vendorProject": "Apple",
      "vulnerabilityName": "Apple Multiple Products Memory Corruption Vulnerability"
    },
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://support.apple.com/en-us/HT214081\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://support.apple.com/kb/HT214088\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://support.apple.com/kb/HT214084\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://support.apple.com/kb/HT214086\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://support.apple.com/kb/HT214087\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2024/Mar/18\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2024/Mar/21\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2024/Mar/25\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2024/Mar/24\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2024/Mar/26\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://support.apple.com/kb/HT214107\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2024/May/11\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2024/May/13\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://support.apple.com/kb/HT214100\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://support.apple.com/kb/HT214118\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2024/Jul/20\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T22:59:32.205Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.8, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-23296\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-03-09T05:00:52.848270Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2024-03-06\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-23296\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:o:apple:ipad_os:-:*:*:*:*:*:*:*\"], \"vendor\": \"apple\", \"product\": \"ipad_os\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"17.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*\"], \"vendor\": \"apple\", \"product\": \"iphone_os\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"17.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:apple:macos:14.0:*:*:*:*:*:*:*\"], \"vendor\": \"apple\", \"product\": \"macos\", \"versions\": [{\"status\": \"affected\", \"version\": \"14.0\", \"lessThan\": \"14.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:apple:tvos:-:*:*:*:*:*:*:*\"], \"vendor\": \"apple\", \"product\": \"tvos\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"17.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:apple:visionos:-:*:*:*:*:*:*:*\"], \"vendor\": \"apple\", \"product\": \"visionos\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*\"], \"vendor\": \"apple\", \"product\": \"watchos\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"10.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2024-03-06T00:00:00+00:00\", \"value\": \"CVE-2024-23296 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-23296\", \"tags\": [\"government-resource\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-787\", \"description\": \"CWE-787 Out-of-bounds Write\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-05-01T17:32:45.502Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Apple\", \"product\": \"iOS and iPadOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"17.4\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://support.apple.com/en-us/HT214081\"}, {\"url\": \"https://support.apple.com/kb/HT214088\"}, {\"url\": \"https://support.apple.com/kb/HT214084\"}, {\"url\": \"https://support.apple.com/kb/HT214086\"}, {\"url\": \"https://support.apple.com/kb/HT214087\"}, {\"url\": \"http://seclists.org/fulldisclosure/2024/Mar/18\"}, {\"url\": \"http://seclists.org/fulldisclosure/2024/Mar/21\"}, {\"url\": \"http://seclists.org/fulldisclosure/2024/Mar/25\"}, {\"url\": \"http://seclists.org/fulldisclosure/2024/Mar/24\"}, {\"url\": \"http://seclists.org/fulldisclosure/2024/Mar/26\"}, {\"url\": \"https://support.apple.com/kb/HT214107\"}, {\"url\": \"http://seclists.org/fulldisclosure/2024/May/11\"}, {\"url\": \"http://seclists.org/fulldisclosure/2024/May/13\"}, {\"url\": \"https://support.apple.com/kb/HT214100\"}, {\"url\": \"https://support.apple.com/kb/HT214118\"}, {\"url\": \"http://seclists.org/fulldisclosure/2024/Jul/20\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.\"}]}], \"providerMetadata\": {\"orgId\": \"286789f9-fbc2-4510-9f9a-43facdede74c\", \"shortName\": \"apple\", \"dateUpdated\": \"2024-07-29T22:07:07.727Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-23296\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-21T23:05:23.256Z\", \"dateReserved\": \"2024-01-12T22:22:21.502Z\", \"assignerOrgId\": \"286789f9-fbc2-4510-9f9a-43facdede74c\", \"datePublished\": \"2024-03-05T19:24:13.999Z\", \"assignerShortName\": \"apple\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.