CVE-2019-6207

MEDIUM

iPhone OS < 12.2 - Out-of-bounds Read in Kernel Memory

Exploitation Summary

EIP tracks 3 public exploits for CVE-2019-6207. PoCs published by maldiohead, DimitriFourny, dothanthitiendiettiende.

AI-analyzed exploit summary: This PoC exploits a kernel heap information leak in macOS and iOS via a bug in sysctl_dumpentry, where uninitialized memory in rt_msghdr2 is copied to userspace. The code demonstrates the leak by repeatedly dumping kernel heap data.

Description

An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to determine kernel memory layout.

Exploits (3)

nomisec · WORKING POC · 71 stars
by maldiohead · poc
https://github.com/maldiohead/CVE-2019-6207

This PoC exploits a kernel heap information leak in macOS and iOS via a bug in sysctl_dumpentry, where uninitialized memory in rt_msghdr2 is copied to userspace. The code demonstrates the leak by repeatedly dumping kernel heap data.

Classification: Working PoC 90%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: macOS < 10.14.5, iOS < 12.2
No auth needed
Prerequisites: Access to a vulnerable macOS or iOS system
devstral-2 · analyzed Feb 16, 2026

nomisec · WORKING POC · 30 stars
by DimitriFourny · poc
https://github.com/DimitriFourny/cve-2019-6207

This exploit leverages an uninitialized memory disclosure vulnerability in the XNU kernel's routing table sysctl handler (CVE-2019-6207) to leak arbitrary kernel memory. The PoC repeatedly queries the sysctl interface to dump uninitialized `rtm_inits` values from the `rt_msghdr` structure.

Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: Apple XNU kernel (macOS < 10.14.4, iOS < 12.2, tvOS < 12.2, watchOS < 5.2)
No auth needed
Prerequisites: Access to a vulnerable macOS/iOS device · Ability to execute arbitrary code on the target system
devstral-2 · analyzed Feb 16, 2026

nomisec · STUB
by dothanthitiendiettiende · poc
https://github.com/dothanthitiendiettiende/CVE-2019-6207

The repository contains only a README.md with minimal details about CVE-2019-6207, mentioning a kernel heap info leak via getdirentriesattr in macOS/iOS. No exploit code or technical details are provided.

Classification: Stub 30%
Attack Type: Info Leak
Complexity: Theoretical
Reliability: Theoretical
Target: macOS <= 10.14.4, iOS < 12.2
No auth needed
Prerequisites: Access to a vulnerable macOS/iOS system
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References (4)
Vendor Advisory (x_refsource_misc): https://support.apple.com/HT209599
Vendor Advisory (x_refsource_misc): https://support.apple.com/HT209601
Vendor Advisory (x_refsource_misc): https://support.apple.com/HT209600
Vendor Advisory (x_refsource_misc): https://support.apple.com/HT209602

Scores

CVSS v3: 5.5
EPSS: 0.0075
EPSS Percentile: 50.0%
Attack Vector: LOCAL
Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE: CWE-125
Status: published
Products (4):
apple/iphone_os < 12.2
apple/mac_os_x < 10.14.4
apple/tvos < 12.2
apple/watchos < 5.2
Published: Dec 18, 2019
Tracked Since: Feb 18, 2026