CVE-2011-0182

Apple Mac OS X <10.6.7 - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-0182. PoCs published by hkpco.

AI-analyzed exploit summary This exploit triggers a kernel panic in Mac OS X < 10.6.7 by manipulating the Local Descriptor Table (LDT) via i386_set_ldt syscalls and executing a call gate. It demonstrates a denial-of-service condition but includes a placeholder for potential privilege escalation via shellcode.

Description

The i386_set_ldt system call in the kernel in Apple Mac OS X before 10.6.7 does not properly handle call gates, which allows local users to gain privileges via vectors involving the creation of a call gate entry.

Exploits (1)

exploitdb WORKING POC
by hkpco · cdososx
https://www.exploit-db.com/exploits/17901

This exploit triggers a kernel panic in Mac OS X < 10.6.7 by manipulating the Local Descriptor Table (LDT) via i386_set_ldt syscalls and executing a call gate. It demonstrates a denial-of-service condition but includes a placeholder for potential privilege escalation via shellcode.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: Mac OS X < 10.6.7
No auth needed
Prerequisites: Mac OS X < 10.6.7 · 32-bit architecture
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Patch, Vendor Advisory vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/8402
Patch, Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT4581

Scores

EPSS 0.0169
EPSS Percentile 74.0%

Details

CWE
CWE-20
Status published
Products (14)
apple/mac_os_x 10.6.0
apple/mac_os_x 10.6.1
apple/mac_os_x 10.6.2
apple/mac_os_x 10.6.3
apple/mac_os_x 10.6.4
apple/mac_os_x 10.6.5
apple/mac_os_x < 10.6.6
apple/mac_os_x_server 10.6.0
apple/mac_os_x_server 10.6.1
apple/mac_os_x_server 10.6.2
... and 4 more
Published Mar 23, 2011
Tracked Since Feb 18, 2026