Susctl CVE-2024-54507: A particularly ‘sus’ sysctl in the XNU kernel

The author discovered CVE-2024-54507, a ‘sus’ sysctl in the XNU kernel, while testing macOS 15.0. Investigation showed that the sysctl_udp_log_port function triggered a PARTIAL2 KASAN load violation caused by an out-of-bounds read. The function treated a uint16_t pointer as an integer pointer, so the read ran past the end of the 2-byte variable and leaked 2 bytes of kernel memory. The author provides a proof of concept and suggests a fix. The case study is a cautionary tale for kernel programmers: every memory access has consequences. macOS 15.2 and iOS 18.2 have since been released and address the bug.

https://jprx.io/cve-2024-54507/
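
The bug class described above, modelled in user space as an added example; this is not the XNU source or the author's proof of concept. The struct, the handler names, the port value 514 and the neighbouring bytes are constructed for illustration, a 4-byte int is assumed, and the widening fix shown is one possible approach rather than the fix the author suggests.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for kernel globals: a 2-byte port, then unrelated data.
 * Assumes sizeof(int) == 4, so the oversized read stays inside this struct. */
struct fake_kdata {
    uint16_t log_port;     /* value the sysctl is meant to expose */
    uint8_t  neighbour[2]; /* unrelated bytes that sit directly after it */
};
static struct fake_kdata kdata = { 514, { 0xDE, 0xAD } };

/* Hypothetical generic handler: always copies out sizeof(int) bytes. */
size_t handle_int(const void *var, void *out, size_t outlen) {
    if (outlen < sizeof(int)) return 0;
    memcpy(out, var, sizeof(int));
    return sizeof(int);
}

/* Bug pattern: the address of a uint16_t is handed to the int handler. */
size_t read_port_vulnerable(void *out, size_t outlen) {
    const unsigned char *p = (const unsigned char *)&kdata
                           + offsetof(struct fake_kdata, log_port);
    return handle_int(p, out, outlen); /* 4-byte read of a 2-byte field */
}

/* One possible fix: widen into a real int, then hand that to the handler. */
size_t read_port_fixed(void *out, size_t outlen) {
    int tmp = kdata.log_port;
    return handle_int(&tmp, out, outlen);
}

/* Returns 1 if the neighbouring bytes appear in what the caller received. */
int leaks_neighbour(const unsigned char *buf, size_t n) {
    for (size_t i = 0; i + 1 < n; i++)
        if (buf[i] == kdata.neighbour[0] && buf[i + 1] == kdata.neighbour[1])
            return 1;
    return 0;
}

int main(void) {
    unsigned char a[sizeof(int)], b[sizeof(int)];
    read_port_vulnerable(a, sizeof a);
    read_port_fixed(b, sizeof b);
    printf("vulnerable leaks: %d, fixed leaks: %d\n",
           leaks_neighbour(a, sizeof a), leaks_neighbour(b, sizeof b));
    return 0;
}
```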
