CVE-2017-2436
CVE-2017-2436 concerns the IOFireWireAVC kernel extension in macOS Sierra (affected: macOS before 10.12.4). The connected documents reveal a concrete root cause: in IOFireWireAVCUserClient::CreateAVCAsyncCommand, the length parameter len is used to compute cmdLen, then a pointer from the user-con...