CVE-2020-9909

MEDIUM

iPadOS < 13.6 - Out-of-bounds Read

Title source: llm
STIX 2.1

Description

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations.

References (3)

Core 3
Core References
Vendor Advisory x_refsource_misc
https://support.apple.com/HT211288
Vendor Advisory x_refsource_misc
https://support.apple.com/HT211290
Vendor Advisory x_refsource_misc
https://support.apple.com/HT211291

Scores

CVSS v3 5.9
EPSS 0.0172
EPSS Percentile 74.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-125
Status published
Products (4)
apple/ipados < 13.6
apple/iphone_os < 13.6
apple/tvos < 13.4.8
apple/watchos < 6.2.8
Published Oct 16, 2020
Tracked Since Feb 18, 2026