dmaFail
Vulnerability in XNU
Vulnerable in:
  • iOS ? - 16.5, 16.5.1 (A12-A14)
Disclosed: 28 December 2023 (2023-12-28)
Discovered by: Kaspersky
CVE: CVE-2023-38606
Apple KB:

dmaFail is a vulnerability fixed in iOS 16.6. It was discovered and disclosed by Kaspersky following a cyber-attack on their own employees. In the course of that investigation, they captured an entire chain of 0-day vulnerabilities, the majority of which were detailed in their talk at 37c3.

Through the use of undocumented cache debug registers, an attacker could issue writes to any memory location, including PPL-protected memory. However, the writes initially land in the cache, not in the backing memory. The vulnerability also allows writes to KTRR-protected memory, but when the cache line is eventually written back, the AMCC rejects the write because the address lies within the read-only kernel code region.

dmaFail was properly fixed in iOS 16.6. On A15 and A16 devices, however, exploitation requires an extra register that iOS 16.5.1 made unusable, so the vulnerability cannot be exploited on iOS 16.5.1 on those devices.

External Links