CVE-2024-27815

HIGH

iPadOS < 17.5 - Out-of-bounds Write

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-27815. PoCs published by jprx.

AI-analyzed exploit summary: This PoC exploits a buffer overflow in the XNU kernel (CVE-2024-27815) by manipulating mbuf headers via a crafted socket operation. It demonstrates control over the m_hdr structure of subsequent mbufs, leading to potential kernel memory corruption.

Description

An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. An app may be able to execute arbitrary code with kernel privileges.

Exploits (1)

nomisec WORKING POC 48 stars
by jprx · poc
https://github.com/jprx/CVE-2024-27815

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: Apple XNU kernel (xnu-10002.1.13 to xnu-10063.121.3)
No auth needed
Prerequisites: CONFIG_MBUF_MCACHE enabled · macOS system with vulnerable XNU kernel version
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 7.8
EPSS 0.0205
EPSS Percentile 78.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE CWE-787
Status published
Products (11)
Apple/iOS and iPadOS < 17.5
apple/ipados < 17.5
apple/iphone_os < 17.5
Apple/macOS < 14.5
apple/macos 14.0 - 14.5
apple/tvos < 17.5
Apple/tvOS < 17.5
apple/visionos < 1.2
Apple/visionOS < 1.2
apple/watchos < 10.5
... and 1 more
Published Jun 10, 2024
Tracked Since Feb 18, 2026