CVE-2022-32898

HIGH

iPadOS < 15.7 - Remote Code Execution

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-32898. PoCs published by ox1111.

AI-analyzed exploit summary This repository provides a detailed technical analysis of CVE-2022-32898, a kernel memory corruption vulnerability in Apple's Neural Engine (ANE) driver. The writeup includes root cause analysis, memory corruption scenarios (stack and heap overflow), and a high-level explanation of the exploit trigger mechanism via malicious model loading.

Description

The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7 and iPadOS 15.7, iOS 16, macOS Ventura 13, watchOS 9. An app may be able to execute arbitrary code with kernel privileges.

Exploits (1)

nomisec WRITEUP
by ox1111 · poc
https://github.com/ox1111/CVE-2022-32898

This repository provides a detailed technical analysis of CVE-2022-32898, a kernel memory corruption vulnerability in Apple's Neural Engine (ANE) driver. The writeup includes root cause analysis, memory corruption scenarios (stack and heap overflow), and a high-level explanation of the exploit trigger mechanism via malicious model loading.

Classification
Writeup 95%
Attack Type
Lpe
Complexity
Complex
Reliability
Theoretical
Target: Apple iOS kernel (ANE driver) on iOS 15.x
No auth needed
Prerequisites: Access to compile or craft a malicious model.hwx file · Ability to load the model via aned (Apple Neural Engine daemon)
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (4)

Core 4

Scores

CVSS v3 7.8
EPSS 0.0083
EPSS Percentile 52.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

Status published
Products (4)
apple/ipados < 15.7
apple/iphone_os < 15.7
apple/macos < 13.0
apple/watchos < 9.0
Published Nov 01, 2022
Tracked Since Feb 18, 2026