CVE-2019-6207

MEDIUM

Apple Iphone OS < 12.2 - Out-of-Bounds Read

Title source: rule

Description

An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to determine kernel memory layout.

Exploits (3)

nomisec WORKING POC 71 stars

by maldiohead · poc

https://github.com/maldiohead/CVE-2019-6207

View Code ZIP pw:eip

nomisec WORKING POC 30 stars

by DimitriFourny · poc

https://github.com/DimitriFourny/cve-2019-6207

View Code ZIP pw:eip

nomisec STUB

by dothanthitiendiettiende · poc

https://github.com/dothanthitiendiettiende/CVE-2019-6207

View Code ZIP pw:eip

References (4)

Core 4

Core References

Vendor Advisory x_refsource_misc

https://support.apple.com/HT209599

Vendor Advisory x_refsource_misc

https://support.apple.com/HT209601

Vendor Advisory x_refsource_misc

https://support.apple.com/HT209600

Vendor Advisory x_refsource_misc

https://support.apple.com/HT209602

Scores

CVSS v3 5.5

EPSS 0.0066

EPSS Percentile 71.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-125

Status published

Products (4)

apple/iphone_os < 12.2

apple/mac_os_x < 10.14.4

apple/tvos < 12.2

apple/watchos < 5.2

Published Dec 18, 2019

Tracked Since Feb 18, 2026