CVE-2024-54507

MEDIUM

iPadOS < 18.2 - Authenticated Out-of-bounds Read via Type Confusion

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-54507. PoCs published by jprx.

AI-analyzed exploit summary This PoC demonstrates a 2-byte kernel infoleak vulnerability (CVE-2024-54507) in macOS XNU kernel versions between xnu-11215.1.10 and xnu-11215.61.5. It exploits a sysctl query to leak kernel memory contents via the 'net.inet.udp.log.remote_port_excluded' parameter.

Description

A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2. An attacker with user privileges may be able to read kernel memory.

Exploits (1)

nomisec WORKING POC 9 stars
by jprx · poc
https://github.com/jprx/CVE-2024-54507

This PoC demonstrates a 2-byte kernel infoleak vulnerability (CVE-2024-54507) in macOS XNU kernel versions between xnu-11215.1.10 and xnu-11215.61.5. It exploits a sysctl query to leak kernel memory contents via the 'net.inet.udp.log.remote_port_excluded' parameter.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: macOS XNU kernel (xnu-11215.1.10 to xnu-11215.61.5)
No auth needed
Prerequisites: macOS system with vulnerable XNU kernel version
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Release Notes, Vendor Advisory
https://support.apple.com/en-us/121837
Release Notes, Vendor Advisory
https://support.apple.com/en-us/121839

Scores

CVSS v3 5.5
EPSS 0.0083
EPSS Percentile 52.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-125 CWE-843
Status published
Products (5)
Apple/iOS and iPadOS < 18.2
apple/ipados < 18.2
apple/iphone_os < 18.2
apple/macos < 15.2
Apple/macOS < 15.2
Published Jan 27, 2025
Tracked Since Feb 18, 2026