Preface: A CVE with similar symptoms occurred in March 2022.
CVE-2022-22633 – A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, macOS Monterey 12.3. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution.
Background: The IOMMU (Input–Output Memory Management Unit) is a feature that is commonly present in 64-bit x86 processors as well as other architectures. Linux's support for the IOMMU has been a relatively disorganized development process, with several obscurities along the way. This is quite remarkable given that it is part of the kernel's memory management — a central role in the kernel's functionality.
macOS 12.3 (21E230) – Kernel stack memory corruption detected – a restart problem reported in the past.
An end user in the Apple Community reported encountering a kernel stack memory corruption when using a PCIe 4 card in a PCIe 3 external Thunderbolt 3 drive as the boot device.
My concept is based on enabling IOMMU kernel support: append amd_iommu=on to the kernel command line in /boot/grub/grub.conf so that the AMD IOMMU specifications are enabled at boot.
My assumption is that an attacker writes a malicious Linux PCI driver which, once it has successfully modified the IOMMU configuration, can make read/write accesses to kernel memory.
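Setting amd_iommu=on in the boot configuration only helps if the running kernel actually honours it, so a defender should verify the result after reboot. The following shell script is an added example and not part of the original post; it assumes the standard Linux /proc/cmdline and /sys/kernel/iommu_groups layouts, and both checks take their input as arguments so they can be exercised against test data.

```shell
#!/bin/sh
# Added example (not from the original post): verify on a Linux host that IOMMU
# protection is (a) requested on the kernel command line and (b) actually active,
# i.e. the kernel has built IOMMU groups for the PCI devices it found.
# Assumption: standard /proc/cmdline and /sys/kernel/iommu_groups layouts.

# iommu_cmdline_status "<kernel cmdline>" -> prints on | off | default
# "default" means no explicit amd_iommu=/intel_iommu= option was given; whether
# the IOMMU is then enabled depends on the kernel build configuration.
iommu_cmdline_status() {
    status="default"
    for tok in $1; do
        case "$tok" in
            amd_iommu=on|intel_iommu=on) status="on" ;;
            amd_iommu=off|intel_iommu=off|iommu=off) status="off" ;;
        esac
    done
    printf '%s\n' "$status"
}

# iommu_group_count "<sysfs root>" -> number of IOMMU groups the kernel created.
# 0 means DMA from PCIe/Thunderbolt devices is not being remapped at all.
iommu_group_count() {
    dir="$1/kernel/iommu_groups"
    n=0
    if [ -d "$dir" ]; then
        for g in "$dir"/*; do
            if [ -d "$g" ]; then n=$((n + 1)); fi
        done
    fi
    printf '%s\n' "$n"
}

# iommu_report "<kernel cmdline>" "<sysfs root>" -> prints PROTECTED or EXPOSED
iommu_report() {
    requested=$(iommu_cmdline_status "$1")
    groups=$(iommu_group_count "$2")
    if [ "$requested" != "off" ] && [ "$groups" -gt 0 ]; then
        printf 'PROTECTED (cmdline=%s, iommu groups=%s)\n' "$requested" "$groups"
    else
        printf 'EXPOSED (cmdline=%s, iommu groups=%s)\n' "$requested" "$groups"
    fi
}

# Run against the live system when executed directly on Linux.
if [ -r /proc/cmdline ]; then
    iommu_report "$(cat /proc/cmdline)" /sys
fi
```

An EXPOSED result with cmdline=on means the option was set but the kernel found no usable IOMMU (firmware disabled, unsupported hardware, or the option never reached the running kernel), which is exactly the gap the grub change is meant to close.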
Vulnerability details: A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. For more details, please refer to the link – https://support.apple.com/en-us/HT213257