Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
5DescriptionCVE.org
A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to cause unexpected system termination or write kernel memory.
AnalysisAI
Buffer overflow in macOS kernel allows local applications to terminate the system or write to kernel memory, affecting macOS Sequoia 15.x, Sonoma 14.x, and Tahoe 26.x. Apple has released security updates patching this vulnerability. Despite the CVSS vector indicating network-based attack (AV:N), the description specifies 'an app may be able to' which confirms local application context, indicating a vector/description inconsistency. EPSS score of 0.02% (4th percentile) suggests low probability of mass exploitation, and no active exploitation or public POC identified at time of analysis.
Technical ContextAI
This vulnerability stems from CWE-120 (Classic Buffer Overflow) in the macOS kernel, where insufficient bounds checking allows writing beyond allocated memory boundaries. The affected component resides in kernel space across three major macOS versions (Sequoia 15.x, Sonoma 14.x, and Tahoe 26.x), indicating a shared codebase vulnerability. Buffer overflows in kernel context are particularly severe because they operate with Ring 0 privileges, bypassing user-space protections. Apple addressed this through improved bounds checking, which typically involves validating input sizes against buffer capacities before memory operations. The CPE string identifies this as an Apple macOS platform vulnerability rather than a specific application component.
RemediationAI
Apply Apple security updates immediately: upgrade macOS Sequoia to version 15.7.7 or later, macOS Sonoma to version 14.8.7 or later, or macOS Tahoe to version 26.5 or later. Updates available through System Settings > General > Software Update or via Apple's support pages (HT127115, HT127116, HT127117). If immediate patching is not feasible, implement application allowlisting to prevent unauthorized applications from executing-this reduces attack surface by blocking the local app execution vector, though it requires administrative overhead and may impact productivity if legitimate applications are blocked. For high-security environments, consider restricting application installation privileges to administrative accounts only, though this trades usability for security. No configuration-based workaround eliminates the vulnerability; patching is the only complete remediation.
Same weakness CWE-120 – Classic Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-29245
GHSA-94gg-9mqp-g3xm