SB2022051701 - Multiple vulnerabilities in Apple macOS Monterey
Published: May 17, 2022 Updated: January 9, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 84 secuirty vulnerabilities.
1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-26712)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions in PackageKit. A local application can modify protected parts of the file system.
2) Out-of-bounds write (CVE-ID: CVE-2022-26715)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within SMB implementation. A local application can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
3) Cryptographic issues (CVE-ID: CVE-2022-26766)
The vulnerability allows a local application to bypass signature validation.
The vulnerability exists due to a certificate parsing issue in the Security subsystem. A local application can bypass signature validation.
4) Security restrictions bypass (CVE-ID: CVE-2022-26731)
The vulnerability allows a remote attacker to track Safari users.
The vulnerability exists due to a logic issue in Safari private browsing mode. A remote attacker can track Safari users.
5) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-26746)
The vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists due to improperly imposed security restrictions in Printing feature. A local application can bypass Privacy preferences.
6) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-26693)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a plug-in may be able to inherit the application's permissions and access user data in Preview. A local application can gain access to sensitive information.
7) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-26727)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions in PackageKit. A local application can modify protected parts of the file system.
8) Use-after-free (CVE-ID: CVE-2022-23308)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing ID and IDREF attributes in valid.c. A remote attacker can pass specially crafted XML input to the application, trigger a use-after-free error and crash the application or execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
9) Buffer overflow (CVE-ID: CVE-2022-26723)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when mounting SMB shares. A remote attacker can trick the victim to mound a specially crafted SMB share, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
10) Infinite loop (CVE-ID: CVE-2022-0778)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the BN_mod_sqrt() function when processing an ASN.1 certificate that contains elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. A remote attacker can supply a specially crafted certificate to the TLS server or client, consume all available system resources and cause denial of service conditions.
11) Integer overflow (CVE-ID: CVE-2022-26775)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow in libresolv. A remote attacker can pass specially crafted data to the application, trigger integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
12) Input validation error (CVE-ID: CVE-2022-26708)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation of user-supplied input in libresolv. A remote attacker can pass specially crafted input to the application and execute arbitrary code on the system.
13) Input validation error (CVE-ID: CVE-2022-26776)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation of user-supplied input in libresolv. A remote attacker can pass specially crafted input to the application and execute arbitrary code on the system.
14) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-26767)
The vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists in LaunchServices due to improper permissions checks. A local application can bypass Privacy preferences.
15) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-26706)
The vulnerability allows a local application to bypass sandbox restrictions.
The vulnerability exists due to sandbox bypass in LaunchServices. A local application can circumvent sandbox restrictions.
16) Out-of-bounds read (CVE-ID: CVE-2022-26718)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within SMB implementation. A local application can trigger an out-of-bounds read and execute arbitrary code with elevated privileges.
17) Improper access control (CVE-ID: CVE-2022-26728)
The vulnerability allows a local application to gain access to restricted files.
The vulnerability exists due to improper access restrictions in SoftwareUpdate. A local application can access restricted files.
18) Buffer overflow (CVE-ID: CVE-2022-26764)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the OS kernel subsystem. A local user can trigger memory corruption and bypass kernel memory mitigations to execute arbitrary code.
19) Resource management error (CVE-ID: CVE-2022-22677)
The vulnerability allows a remote attacker to perform DoS attack.
The vulnerability exists due to a logic issue in video self-preview feature in a webRTC call, which can be interrupted if the user answers a phone call.
20) OS Command Injection (CVE-ID: CVE-2021-45444)
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to recursive PROMPT_SUBST expansion when processing malicious output. A remote attacker with ability to control the output can inject and execute arbitrary commands on the system with privileges on the current user.
21) Buffer overflow (CVE-ID: CVE-2018-25032)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input when compressing data. A remote attacker can pass specially crafted input to the application, trigger memory corruption and perform a denial of service (DoS) attack.
22) Heap-based buffer overflow (CVE-ID: CVE-2022-0530)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can pass specially crafted data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
23) Buffer overflow (CVE-ID: CVE-2022-26762)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within the Wi-Fi component. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.
24) Buffer overflow (CVE-ID: CVE-2022-26761)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within the Wi-Fi component. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.
25) Buffer overflow (CVE-ID: CVE-2022-26745)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a boundary error in Wi-Fi component. A local application can gain read access to restricted memory.
26) Buffer overflow (CVE-ID: CVE-2022-26719)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content in WebKit. A remote attacker can trick the victim to visit a specially crafted website, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
27) UNIX symbolic link following (CVE-ID: CVE-2022-26704)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a symlink following issue in Spotlight. A local user can create a specially crafted symbolic link to a critical file on the system and overwrite it with privileges of the application.
Successful exploitation of this vulnerability may result in privilege escalation.
28) Buffer overflow (CVE-ID: CVE-2022-26716)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content in WebKit. A remote attacker can trick the victim to visit a specially crafted website, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
29) Use-after-free (CVE-ID: CVE-2022-26717)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing HTML content in WebKit. A remote attacker can trick the victim to visit a specially crafted website, trigger memory corruption and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
30) Use-after-free (CVE-ID: CVE-2022-26710)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing HTML content in WebKit. A remote attacker can trick the victim to visit a specially crafted website, trigger memory corruption and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
31) Use-after-free (CVE-ID: CVE-2022-26709)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing HTML content in WebKit. A remote attacker can trick the victim to visit a specially crafted website, trigger memory corruption and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
32) Buffer overflow (CVE-ID: CVE-2022-26700)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content in WebKit. A remote attacker can trick the victim to visit a specially crafted website, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
33) Security features bypass (CVE-ID: CVE-2022-26755)
The vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists within the Tcl component. A local application can break out of its sandbox.
34) Security features bypass (CVE-ID: CVE-2022-26726)
The vulnerability allows a local application to capture user's screen.
The vulnerability exists due to improperly implemented security checks in TCC component. A local application can capture user's screen.
35) Race condition (CVE-ID: CVE-2022-26765)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the OS kernel subsystem. A local user can exploit the race to bypass Pointer Authentication.
36) Use-after-free (CVE-ID: CVE-2022-26757)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the OS kernel subsystem. A local user can trigger memory corruption and execute arbitrary code with kernel privileges.
37) Buffer overflow (CVE-ID: CVE-2022-26772)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the AMD firmware. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code with elevated privileges.
38) Buffer overflow (CVE-ID: CVE-2021-44790)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when parsing multipart content in mod_lua. A remote attacker can send a specially crafted HTTP request to the affected web server, trigger buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
39) Out-of-bounds read (CVE-ID: CVE-2022-26698)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in AppleScript. A local user can trigger an out-of-bounds read error and read contents of memory on the system.
40) Out-of-bounds read (CVE-ID: CVE-2022-26697)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in AppleScript. A local user can trigger an out-of-bounds read error and read contents of memory on the system.
41) Input validation error (CVE-ID: CVE-2022-26751)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation of user-supplied input within the processing of HEIC files in the VTDecoderXPCService process in the AppleGraphicsControl. A remote attacker can trick the victim to open a specially crafted image and execute arbitrary code on the system.
42) Integer overflow (CVE-ID: CVE-2022-22721)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow within the ap_escape_html2() function when parsing LimitXMLRequestBody. A remote attacker can send a specially crafted request to the web server, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
43) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2022-22720)
The vulnerability allows a remote attacker to preform HTTP request smuggling attacks.
The vulnerability exists due to improper validation of HTTP requests. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.
Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.
44) Input validation error (CVE-ID: CVE-2022-22719)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized value in r:parsebody. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
45) Server-Side Request Forgery (SSRF) (CVE-ID: CVE-2021-44224)
The disclosed vulnerability allows a remote attacker to perform SSRF attacks.
The vulnerability exists due to insufficient validation of user-supplied input in forward proxy configurations. A remote attacker can send a specially crafted HTTP request and trick the web server to initiate requests to arbitrary systems or cause NULL pointer dereference error and crash the web server.
Successful exploitation of this vulnerability may allow a remote attacker gain access to sensitive data, located in the local network or send malicious requests to other servers from the vulnerable system.
SSRF if possible for configuration that mix forward and reverse proxy.
46) Out-of-bounds write (CVE-ID: CVE-2022-26737)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in AVEVideoEncoder. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
47) Buffer overflow (CVE-ID: CVE-2022-26754)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the AMD firmware. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code with elevated privileges.
48) Buffer overflow (CVE-ID: CVE-2022-26753)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the AMD firmware. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code with elevated privileges.
49) Buffer overflow (CVE-ID: CVE-2022-26752)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the AMD firmware. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code with elevated privileges.
50) Buffer overflow (CVE-ID: CVE-2022-26750)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the AMD firmware. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code with elevated privileges.
51) Buffer overflow (CVE-ID: CVE-2022-26749)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the AMD firmware. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code with elevated privileges.
52) Buffer overflow (CVE-ID: CVE-2022-26742)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the AMD firmware. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code with elevated privileges.
53) Buffer overflow (CVE-ID: CVE-2022-26741)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the AMD firmware. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code with elevated privileges.
54) Out-of-bounds write (CVE-ID: CVE-2022-26736)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in AVEVideoEncoder. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
55) Out-of-bounds write (CVE-ID: CVE-2022-26738)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in AVEVideoEncoder. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
56) Buffer overflow (CVE-ID: CVE-2022-26714)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in the OS kernel subsystem. A local user can trigger memory corruption and execute arbitrary code with kernel privileges.
57) Buffer overflow (CVE-ID: CVE-2022-26769)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in Intel Graphics Driver. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.
58) Out-of-bounds write (CVE-ID: CVE-2022-26743)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in macOS Recovery. A local user can trigger an out-of-bounds write error and execute arbitrary code with kernel privileges.
59) Buffer overflow (CVE-ID: CVE-2022-26768)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error in IOMobileFrameBuffer. A local application can trigger memory corruption and execute arbitrary code with kernel privileges.
60) Race condition (CVE-ID: CVE-2022-26701)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a race condition in IOKit. A local application can exploit the race and execute arbitrary code with kernel privileges.
61) Out-of-bounds write (CVE-ID: CVE-2022-26756)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in Intel Graphics Driver. A local user can trigger an out-of-bounds write and execute arbitrary code with kernel privileges.
62) Out-of-bounds write (CVE-ID: CVE-2022-26748)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the WebGL library in Intel Graphics Driver. A local user can trigger an out-of-bounds write and execute arbitrary code with kernel privileges.
63) Out-of-bounds read (CVE-ID: CVE-2022-26770)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in Intel Graphics Driver. A local user can trigger an out-of-bounds read and execute arbitrary code with kernel privileges.
64) Out-of-bounds write (CVE-ID: CVE-2022-26720)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in Intel Graphics Driver. A local user can trigger an out-of-bounds write and execute arbitrary code with kernel privileges.
65) Out-of-bounds write (CVE-ID: CVE-2022-26739)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in AVEVideoEncoder. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
66) Information disclosure (CVE-ID: CVE-2022-26725)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by ImageIO. Photo location information may persist after it is removed with Preview Inspector. A remote attacker can gain unauthorized access to sensitive information.
67) Integer overflow (CVE-ID: CVE-2022-26711)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow when parsing WebP images in the ImageIO framework. A remote attacker can trick the victim into opening a specially crafted file, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
68) Out-of-bounds write (CVE-ID: CVE-2022-26763)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error in DriverKit. A local application can execute arbitrary code with system privileges.
69) Improper Initialization (CVE-ID: CVE-2022-26722)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improper initialization in CVMS. A local application can execute arbitrary code with root privileges.
70) Improper Initialization (CVE-ID: CVE-2022-26721)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improper initialization in CVMS. A local application can execute arbitrary code with root privileges.
71) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-26694)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a plug-in may be able to inherit the application's permissions to access user data in Contacts component. A local application can abuse such behavior and gain access to sensitive information.
72) Out-of-bounds write (CVE-ID: CVE-2022-26740)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in AVEVideoEncoder. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
73) Input validation error (CVE-ID: CVE-2022-32790)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in libresolv. A remote attacker can pass specially crafted DNS response to the systen and perform a denial of service (DoS) attack.
74) Security features bypass (CVE-ID: CVE-2022-26696)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to insecure handling of XPC messages in the LaunchServices component. A local user can escape the sandbox and execute arbitrary code with elevated privileges.
75) Security restrictions bypass (CVE-ID: CVE-2022-22617)
The vulnerability allows a malicious application to escalate privileges on the system.
The vulnerability exists due to a logic error in PackageKit. A malicious application can bypass implemented security restrictions and escalate privileges on the system.
76) Information disclosure (CVE-ID: CVE-2022-26707)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to improper input validation in AppleMobileFileIntegrity. A local user can gain access to sensitive user information.
77) Information disclosure (CVE-ID: CVE-2022-32781)
The vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output in FaceTime. A local application can gain unauthorized access to sensitive information on the system.
78) Security features bypass (CVE-ID: CVE-2022-32782)
The vulnerability allows a local application to gain access to sensitive information.
the vulnerability exists due to improper permissions management in Photo Booth. A local application with root privileges can access user's private information.
79) Improper access control (CVE-ID: CVE-2022-32783)
The vulnerability allows a local application to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in Bluetooth. A local application can bypass implemented security restrictions and gain unauthorized access.
80) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-32794)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions in PackageKit. A local application can escalate privileges on the system.
81) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-32882)
The vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists due to improper access restrictions in Libinfo. A local application can bypass Privacy preferences.
82) Improper Authorization (CVE-ID: CVE-2022-48575)
The vulnerability allows an attacker to bypass the Login Window.
The vulnerability exists due to a consistency issue in the Login Windows. An attacker with physical access to device can bypass the login window and gain unauthorized access to the system.
83) UNIX symbolic link following (CVE-ID: CVE-2022-42857)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a symlink following issue. A local user can create a specially crafted symbolic link to protected regions of the disk and overwrite files on the system.
84) Buffer overflow (CVE-ID: CVE-2022-26758)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within the OS kernel. A local application can trigger memory corruption and execute arbitrary code with kernel privileges.
Remediation
Install update from vendor's website.