EIP-2026-103367

PRE-CVE

macOS XNU - Missing Locking in checkdirs_callback() Enables Race with fchdir_common()

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-103367. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit demonstrates a race condition in macOS XNU kernel's checkdirs() function, leading to reference count underflow or dangling pointer issues when mounting filesystems. The PoC uses dtrace to widen the race window and trigger the vulnerability.

Description

macOS XNU - Missing Locking in checkdirs_callback() Enables Race with fchdir_common()

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · textdosmacos

https://www.exploit-db.com/exploits/47592

View Code ZIP pw:eip

This exploit demonstrates a race condition in macOS XNU kernel's checkdirs() function, leading to reference count underflow or dangling pointer issues when mounting filesystems. The PoC uses dtrace to widen the race window and trigger the vulnerability.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Complex

Reliability

Racy

Target: macOS XNU kernel (unspecified version)

Auth required

Prerequisites: SIP disabled · root access for dtrace · FAT32 filesystem image

MITRE ATT&CK

T1499.004 - Application or System Exploitation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026