Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-1238: Race Condition in Apple Mac OS X

CWE-362: Race Condition | 4 documents | 4 sources
Severity: 7.2 HIGH (NVD)
EPSS: 0.2% (top 55.75%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Apr 2 | Latest update May 2

Description

Race condition in the HFS vfs sysctl interface in XNU 1228.8.20 and earlier on Apple Mac OS X 10.5.6 and earlier allows local users to cause a denial of service (kernel memory corruption) by simultaneously executing the same HFS_SET_PKG_EXTENSIONS code path in multiple threads, which is problematic because of lack of mutex locking for an unspecified global variable.

CVSS vector

AV:L/AC:L/C:C/I:C/A:C
Exploitability: 3.9 | Impact: 10.0

Affected Packages (2 packages)

NVD: apple/mac_os_x 10.5.6 +54
NVD: apple/mac_os_x_server 10.5.6 +54

🔴 Vulnerability Details (2)

GHSA: GHSA-r3mv-rfx2-rf55: Race condition in the HFS vfs sysctl interface in XNU 1228 (2022-05-02)
CVEList: CVE-2009-1238: Race condition in the HFS vfs sysctl interface in XNU 1228 (2009-04-02)

💥 Exploits & PoCs (1)

Exploit-DB: Apple Mac OSX xnu 1228.x - 'vfssysctl' Local Kernel Denial of Service (PoC) (2009-03-23)