Maxime Villard

**Name of the Vulnerable Software and Affected Versions** Intel(R) TDX module software versions prior to TDX 1.5.01.00.592 **Description** The issue is related to incomplete filtering of special elements in the Intel(R) TDX module software, which may allow an authenticated user to potentially enable escalation of privilege via local access. **Recommendations** For versions prior to TDX 1.5.01.00.592, update to version TDX 1.5.01.00.592 or later to prevent potential escalation of privilege via local access. As a temporary workaround, consider restricting local access to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Intel(R) TDX module software versions prior to 1.5.05.46.698 **Description** The issue is related to improper input validation in the Intel(R) TDX module software, which may allow a privileged user to potentially enable escalation of privilege via local access. This could lead to a potential system compromise. **Recommendations** For versions prior to 1.5.05.46.698, upgrade the affected component to mitigate the risk. As a temporary workaround, consider restricting local access to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Intel TDX versions prior to 1.5.05.46.698 **Description** The issue is related to improper input validation in some Intel TDX module software, which may allow a privileged user to potentially enable escalation of privilege via local access. This could permit an attacker to increase their privileges. **Recommendations** For versions prior to 1.5.05.46.698, update to version 1.5.05.46.698 or later to resolve the issue. As a temporary workaround, consider restricting local access to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** AirPort Base Station Firmware versions prior to 7.8.1 AirPort Base Station Firmware versions prior to 7.9.1 **Description** A denial of service issue was addressed with improved memory handling. An attacker in a privileged position may be able to perform a denial of service attack. **Recommendations** For AirPort Base Station Firmware versions prior to 7.8.1, update to AirPort Base Station Firmware Update 7.8.1. For AirPort Base Station Firmware versions prior to 7.9.1, update to AirPort Base Station Firmware Update 7.9.1.

**Name of the Vulnerable Software and Affected Versions** AirPort Base Station Firmware versions prior to 7.8.1 AirPort Base Station Firmware versions prior to 7.9.1 **Description** The issue concerns the unexpected acceptance of source-routed IPv4 packets, which were disabled by default. **Recommendations** For AirPort Base Station Firmware versions prior to 7.8.1, update to AirPort Base Station Firmware Update 7.8.1. For AirPort Base Station Firmware versions prior to 7.9.1, update to AirPort Base Station Firmware Update 7.9.1.

**Name of the Vulnerable Software and Affected Versions** AirPort Base Station Firmware versions prior to 7.8.1 AirPort Base Station Firmware versions prior to 7.9.1 **Description** A use after free issue was addressed with improved memory management. A remote attacker may be able to cause arbitrary code execution. **Recommendations** For AirPort Base Station Firmware versions prior to 7.8.1, update to AirPort Base Station Firmware Update 7.8.1. For AirPort Base Station Firmware versions prior to 7.9.1, update to AirPort Base Station Firmware Update 7.9.1.

**Name of the Vulnerable Software and Affected Versions** AirPort Base Station Firmware versions prior to 7.8.1 AirPort Base Station Firmware versions prior to 7.9.1 **Description** A null pointer dereference issue was addressed through improved input validation. This issue allows a remote attacker to potentially cause arbitrary code execution. **Recommendations** For AirPort Base Station Firmware versions prior to 7.8.1, update to AirPort Base Station Firmware Update 7.8.1. For AirPort Base Station Firmware versions prior to 7.9.1, update to AirPort Base Station Firmware Update 7.9.1.

**Name of the Vulnerable Software and Affected Versions** FreeBSD versions 12.1-STABLE before r356035 FreeBSD versions 12.1-RELEASE before 12.1-RELEASE-p4 FreeBSD versions 11.3-STABLE before r356036 FreeBSD versions 11.3-RELEASE before 11.3-RELEASE-p8 **Description** The issue is related to incomplete packet data validation, which may result in accessing out-of-bounds memory. This can lead to a kernel panic or other unpredictable results. **Recommendations** For FreeBSD versions 12.1-STABLE before r356035, update to a version after r356035. For FreeBSD versions 12.1-RELEASE before 12.1-RELEASE-p4, update to 12.1-RELEASE-p4 or later. For FreeBSD versions 11.3-STABLE before r356036, update to a version after r356036. For FreeBSD versions 11.3-RELEASE before 11.3-RELEASE-p8, update to 11.3-RELEASE-p8 or later.

**Name of the Vulnerable Software and Affected Versions** FreeBSD versions 12.1-STABLE before r356035 FreeBSD versions 12.1-RELEASE before 12.1-RELEASE-p4 FreeBSD versions 11.3-STABLE before r356036 FreeBSD versions 11.3-RELEASE before 11.3-RELEASE-p8 **Description** The issue is caused by incomplete packet data validation, which may result in memory access after it has been freed. This can lead to a kernel panic or other unpredictable results. **Recommendations** For FreeBSD versions 12.1-STABLE before r356035, update to a version after r356035. For FreeBSD versions 12.1-RELEASE before 12.1-RELEASE-p4, update to 12.1-RELEASE-p4 or later. For FreeBSD versions 11.3-STABLE before r356036, update to a version after r356036. For FreeBSD versions 11.3-RELEASE before 11.3-RELEASE-p8, update to 11.3-RELEASE-p8 or later.

Name of the Vulnerable Software and Affected Versions: FreeBSD versions prior to 11.1-STABLE FreeBSD versions prior to 11.1-RELEASE-p9 FreeBSD versions prior to 10.4-STABLE FreeBSD versions prior to 10.4-RELEASE-p8 FreeBSD versions prior to 10.3-RELEASE-p28 Description: The issue is related to the length field of the ipsec option header, which does not count the size of the option header itself. This can cause an infinite loop when the length is zero, allowing a remote attacker to crash the machine by sending an arbitrary packet. The vulnerability can be exploited by a remote attacker to cause a denial of service. Recommendations: For versions prior to 11.1-STABLE, update to 11.1-STABLE or later. For versions prior to 11.1-RELEASE-p9, update to 11.1-RELEASE-p9 or later. For versions prior to 10.4-STABLE, update to 10.4-STABLE or later. For versions prior to 10.4-RELEASE-p8, update to 10.4-RELEASE-p8 or later. For versions prior to 10.3-RELEASE-p28, update to 10.3-RELEASE-p28 or later.

Name of the Vulnerable Software and Affected Versions: FreeBSD versions prior to 11.1-STABLE FreeBSD versions prior to 11.1-RELEASE-p7 FreeBSD versions prior to 10.4-STABLE FreeBSD versions prior to 10.4-RELEASE-p7 FreeBSD versions prior to 10.3-RELEASE-p28 Description: The issue is related to the kernel's improper validation of IPsec packets from a trusted host and a use-after-free vulnerability in the IPsec AH handling code. This could lead to a system crash or other unpredictable results. The vulnerability may also allow a remote attacker to execute arbitrary code. Recommendations: For versions prior to 11.1-STABLE, update to 11.1-STABLE or later. For versions prior to 11.1-RELEASE-p7, update to 11.1-RELEASE-p7 or later. For versions prior to 10.4-STABLE, update to 10.4-STABLE or later. For versions prior to 10.4-RELEASE-p7, update to 10.4-RELEASE-p7 or later. For versions prior to 10.3-RELEASE-p28, update to 10.3-RELEASE-p28 or later.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.13.1 **Description** An out-of-bounds read issue was discovered, involving the `Kernel` component. This issue allows local users to bypass intended memory-read restrictions. **Recommendations** For macOS versions prior to 10.13.1, update to version 10.13.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.13.1 **Description** The issue is caused by a buffer overflow in the memory, allowing remote attackers to cause a denial of service or possibly have other impacts, such as memory corruption, via a crafted mach binary. This can be achieved by exploiting the "Kernel" component. **Recommendations** For macOS versions prior to 10.13.1, update to version 10.13.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the Kernel component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** iOS (affected versions not specified) **Description** The issue is caused by a buffer overflow in the operating system's kernel. It may allow a local attacker to elevate privileges or cause a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 9 **Description** The issue is related to the NetworkExtension component in the kernel, which does not properly initialize a data structure, allowing attackers to obtain sensitive memory-layout information via a crafted app. This can enable a remote attacker to access protected information stored in memory using a specially formed application. **Recommendations** For iOS versions prior to 9, update to a version 9 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** iOS (affected versions not specified) **Description** The issue is caused by a buffer overflow in the operating system's kernel. It may allow a local attacker to elevate their privileges or cause a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apple OS X versions prior to 10.10.5 **Description** The issue is related to errors in the code of the operating system, specifically in how HFS volumes are mounted. This can be exploited by a local attacker to cause a denial of service by mounting a crafted HFS volume. **Recommendations** For Apple OS X versions prior to 10.10.5, update to version 10.10.5 or later to resolve the issue. As a temporary workaround, consider restricting the ability to mount HFS volumes to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 8.3 Apple OS X versions prior to 10.10.3 Apple TV versions prior to 7.2 **Description** The issue allows attackers to cause a denial of service or obtain sensitive memory-content information via a crafted app. This is due to out-of-bounds memory access in the kernel. **Recommendations** For Apple iOS versions prior to 8.3, update to version 8.3 or later. For Apple OS X versions prior to 10.10.3, update to version 10.10.3 or later. For Apple TV versions prior to 7.2, update to version 7.2 or later.