CVE-2017-2516

MEDIUM

macOS < 10.12.5 - Kernel Memory Read Restriction Bypass via Crafted App

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-2516. PoCs published by Google Security Research.

AI-analyzed exploit summary: This exploit leverages the syscall stack_snapshot_with_config() to allow unentitled root users to dump kernel stack information, including unslid kernel text pointers and valid kernel stack pointers. The PoC demonstrates an information leak vulnerability in macOS kernels.

Description

An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Google Security Research · text · dos · macos
https://www.exploit-db.com/exploits/42047

Classification: Working PoC 90%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: macOS kernel (versions affected by CVE-2017-2516)
Auth required
Prerequisites: root access · macOS system with vulnerable kernel
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1038484
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT207797
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/42047/

Scores

CVSS v3 5.0
EPSS 0.0288
EPSS Percentile 85.0%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

Details

Status published
Products (1)
apple/mac_os_x < 10.12.4
Published May 22, 2017
Tracked Since Feb 18, 2026