CVE-2022-32932

HIGH

iPadOS < 15.7.1 - Out-of-bounds Write

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-32932. PoCs published by ox1111.

AI-analyzed exploit summary: This repository provides a detailed technical analysis of CVE-2022-32932, a double fetch issue in the ANE kernel interface leading to an out-of-bounds (OOB) write. The author explains the root cause, vulnerable code paths, and potential exploitation techniques, referencing related vulnerabilities and prior research.

Description

The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16, watchOS 9.1. An app may be able to execute arbitrary code with kernel privileges.

Exploits (1)

nomisec WRITEUP 2 stars
by ox1111 · poc
https://github.com/ox1111/CVE-2022-32932

Classification: Writeup 100%
Attack Type: LPE
Complexity: Complex
Reliability: Theoretical
Target: Apple Neural Engine (ANE) kernel interface
No auth needed
Prerequisites: Access to a vulnerable Apple device with Neural Engine · Ability to load a custom or patched mlmodel
devstral-2 · analyzed Feb 18, 2026

Scores

CVSS v3 7.8
EPSS 0.0056
EPSS Percentile 42.3%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE CWE-787
Status published
Products (4)
apple/ipados < 15.7.1
apple/iphone_os 16.0
apple/iphone_os < 15.7.1
apple/watchos < 9.1
Published Nov 01, 2022
Tracked Since Feb 18, 2026