Apple Mac OSX Kernel - Null Pointer Dereference in nvCommandQueue::GetHandleIndex in GeForce.kext

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=784 The method nvCommandQueue::GetHandleIndex doesn't check whether this+0x5b8 is non-null before using it. We can race a call to this method this with another thread calling IOServiceClose to get a NULL pointer there. By mapping...