Description
An information disclosure issue was addressed with improved memory management. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to determine kernel memory layout.
Published: 2026-03-25
Score: 6.2 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Kernel memory layout disclosure
Action: Immediate patch
AI Analysis

Impact

An information disclosure vulnerability in macOS allows a malicious application to read kernel memory addresses, exposing the layout of kernel space. By revealing the exact locations of kernel data structures, an attacker can reduce the effectiveness of address space layout randomization and gain privileged access to system resources. This could enable subsequent privilege escalation or facilitate other, more damaging exploits.

Affected Systems

The vulnerability affects all Apple macOS operating systems preceding the patched builds. Apple has addressed the issue by releasing updates for macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, and macOS Tahoe 26.4. Systems running earlier versions remain susceptible until these or newer updates are installed.

Risk and Exploitability

The CVSS base score of 6.2 classifies the flaw as medium severity, while the EPSS score under 1% indicates a low likelihood of exploitation in the wild. It is not listed in CISA's KEV catalog. The description does not mention a network-based vector; therefore the attack path is likely local, requiring the attacker to execute code in the context of an application that can read kernel memory.

Generated by OpenCVE AI on March 26, 2026 at 19:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Apple macOS to the latest patched release (macOS Sequoia 15.7.5 or later, macOS Sonoma 14.8.5 or later, macOS Tahoe 26.4 or later).



Advisories

No advisories yet.

History

Fri, 27 Mar 2026 09:30:00 +0000

Type Values Removed Values Added
Title macOS Kernel Memory Layout Disclosure Vulnerability

Thu, 26 Mar 2026 17:30:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Thu, 26 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 26 Mar 2026 12:30:00 +0000

Type Values Removed Values Added
Title macOS Kernel Memory Layout Disclosure
Weaknesses CWE-200

Wed, 25 Mar 2026 22:00:00 +0000

Type Values Removed Values Added
Title macOS Kernel Memory Layout Disclosure
Weaknesses CWE-200

Wed, 25 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Vendors & Products Apple
Apple macos

Wed, 25 Mar 2026 01:00:00 +0000

Type Values Removed Values Added
Description An information disclosure issue was addressed with improved memory management. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to determine kernel memory layout.
References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:15:08.888Z

Reserved: 2025-11-11T14:43:07.876Z

Link: CVE-2026-20695

Vulnrichment

Updated: 2026-03-26T13:47:48.573Z

NVD

Status: Analyzed

Published: 2026-03-25T01:17:06.330

Modified: 2026-03-26T17:20:25.117

Link: CVE-2026-20695

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-27T09:19:59Z

Weaknesses