macOS XNU - Missing Locking in checkdirs_callback() Enables Race with fchdir_common() Exploit

On macOS, when a new mount point is created, the kernel uses checkdirs to, as a comment above the function explains: "Scan all active processes to see if any of them have a current or root directory onto which the new filesystem has just been mounted. If so, replace them with the new mount point....