CVE-2017-13868: A fun XNU infoleak
https://bazad.github.io/2018/03/a-fun-xnu-infoleak/ [bazad.github.io]
2018-03-22 16:56
Way back in October of 2017, I discovered CVE-2017-13868, a kernel information leak in XNU that was quite fun to analyze and exploit. While browsing the XNU source code, I noticed that the function ctl_ctloutput didn’t check the return value of a call to sooptcopyin. This immediately caught my attention because error checking in the kernel is very important: poor error checking is a frequent source of security bugs. In this case, failing to check the return value opened a race window that could allow a privileged process to read an arbitrary amount of uninitialized kernel heap data.
source: grugq
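To make the failure mode concrete, here is an added illustration (not XNU's code and not from the post) of the pattern the paragraph describes: a getsockopt-style handler that drops the return value of a copyin-like call versus one that checks it. The names `sim_sooptcopyin`, `getopt_unchecked`, `getopt_checked` and `count_leaked` are hypothetical, `sim_sooptcopyin` only models the real function's contract (0 on success, EFAULT when user memory is unreadable), and the `memset` with `LEFTOVER` stands in for stale heap contents that a real allocation would simply not clear.

```c
#include <errno.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Sentinel that plays the role of stale, never-cleared kernel heap data. */
#define LEFTOVER 0xAB

/* Model of sooptcopyin: copy len bytes from user memory into a kernel
 * buffer; return 0 on success, EFAULT if the user address is unreadable
 * (a NULL pointer stands in for an unmapped page in this model). */
static int sim_sooptcopyin(const unsigned char *user, unsigned char *kern, size_t len) {
    if (user == NULL)
        return EFAULT;
    memcpy(kern, user, len);
    return 0;
}

/* Unchecked pattern (the shape of the bug): the error is discarded, so when
 * the copy fails the untouched buffer is still handed back to the caller. */
int getopt_unchecked(const unsigned char *user, unsigned char *out, size_t len) {
    unsigned char *data = malloc(len);
    if (data == NULL) return ENOMEM;
    memset(data, LEFTOVER, len);            /* simulated stale heap contents */
    (void)sim_sooptcopyin(user, data, len); /* return value ignored */
    memcpy(out, data, len);                 /* plays the role of sooptcopyout */
    free(data);
    return 0;
}

/* Hardened pattern: propagate the error before anything is copied back out. */
int getopt_checked(const unsigned char *user, unsigned char *out, size_t len) {
    unsigned char *data = malloc(len);
    if (data == NULL) return ENOMEM;
    memset(data, LEFTOVER, len);            /* simulated stale heap contents */
    int error = sim_sooptcopyin(user, data, len);
    if (error != 0) {
        free(data);
        return error;                       /* caller sees EFAULT, no bytes leave */
    }
    memcpy(out, data, len);
    free(data);
    return 0;
}

/* Count how many output bytes still carry the stale-heap sentinel. */
size_t count_leaked(const unsigned char *out, size_t len) {
    size_t n = 0;
    for (size_t i = 0; i < len; i++)
        if (out[i] == LEFTOVER) n++;
    return n;
}
```

With an unreadable user buffer, the unchecked handler reports success and returns every byte of simulated stale heap, while the checked one returns EFAULT and writes nothing.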