Search for vulnerabilities
Vulnerability details: VCID-7zws-e8gy-aaaq
Vulnerability ID VCID-7zws-e8gy-aaaq
Aliases CVE-2024-27834
Summary The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, Safari 17.5, watchOS 10.5, macOS Sonoma 14.5. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.
Status Published
Exploitability 0.5
Weighted Severity 7.9
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-285 Improper Authorization
CWE-288 Authentication Bypass Using an Alternate Path or Channel
System Score Found at
cvssv3 8.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27834.json
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2024-27834
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2024-27834
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2024-27834
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2024-27834
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2024-27834
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2024-27834
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2024-27834
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2024-27834
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2024-27834
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2024-27834
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2024-27834
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2024-27834
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2024-27834
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2024-27834
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2024-27834
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2024-27834
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2024-27834
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2024-27834
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2024-27834
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2024-27834
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2024-27834
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2024-27834
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2024-27834
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2024-27834
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2024-27834
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2024-27834
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2024-27834
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2024-27834
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2024-27834
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2024-27834
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2024-27834
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2024-27834
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2024-27834
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2024-27834
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2024-27834
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2024-27834
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2024-27834
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2024-27834
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2024-27834
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2024-27834
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2024-27834
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2024-27834
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2024-27834
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2024-27834
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2024-27834
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2024-27834
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2024-27834
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2024-27834
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-27834
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-27834
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-27834
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-27834
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-27834
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-27834
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-27834
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-27834
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-27834
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-27834
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-27834
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-27834
epss 0.00051 https://api.first.org/data/v1/epss?cve=CVE-2024-27834
epss 0.00051 https://api.first.org/data/v1/epss?cve=CVE-2024-27834
epss 0.00051 https://api.first.org/data/v1/epss?cve=CVE-2024-27834
epss 0.00051 https://api.first.org/data/v1/epss?cve=CVE-2024-27834
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2024-27834
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2024-27834
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2024-27834
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2024-27834
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2024-27834
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2024-27834
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2024-27834
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2024-27834
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2024-27834
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2024-27834
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2024-27834
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2024-27834
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2024-27834
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2024-27834
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2024-27834
epss 0.00136 https://api.first.org/data/v1/epss?cve=CVE-2024-27834
cvssv3.1 8.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3 5.5 https://nvd.nist.gov/vuln/detail/CVE-2024-27834
cvssv3.1 5.5 https://nvd.nist.gov/vuln/detail/CVE-2024-27834
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27834.json
https://api.first.org/data/v1/epss?cve=CVE-2024-27834
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27808
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27820
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27833
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27834
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27850
http://seclists.org/fulldisclosure/2024/May/10
http://seclists.org/fulldisclosure/2024/May/12
http://seclists.org/fulldisclosure/2024/May/16
http://seclists.org/fulldisclosure/2024/May/17
http://seclists.org/fulldisclosure/2024/May/9
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ADCLQW54XN37VJZNYD3UKCYATJFIMYXG/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WKIXADCW3O4R2OOSDZGPU55XQFE6NA3M/
https://support.apple.com/en-us/HT214101
https://support.apple.com/en-us/HT214102
https://support.apple.com/en-us/HT214103
https://support.apple.com/en-us/HT214104
https://support.apple.com/en-us/HT214106
http://www.openwall.com/lists/oss-security/2024/05/21/1
2282412 https://bugzilla.redhat.com/show_bug.cgi?id=2282412
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:*
cpe:2.3:a:wpewebkit:wpe_webkit:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wpewebkit:wpe_webkit:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*
CVE-2024-27834 https://nvd.nist.gov/vuln/detail/CVE-2024-27834
RHSA-2023:4201 https://access.redhat.com/errata/RHSA-2023:4201
RHSA-2023:4202 https://access.redhat.com/errata/RHSA-2023:4202
RHSA-2024:9636 https://access.redhat.com/errata/RHSA-2024:9636
USN-6788-1 https://usn.ubuntu.com/6788-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27834.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-27834
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-27834
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.09077
EPSS Score 0.00036
Published At April 15, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2024-05-17T12:42:18.422049+00:00 NVD Importer Import https://nvd.nist.gov/vuln/detail/CVE-2024-27834 34.0.0rc4