CVE-2026-45253
8.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
ptrace(PT_SC_REMOTE) failed to properly validate parameters for the syscall(2) and __syscall(2) meta-system calls. As a result, a user with the ability to debug a process may trigger arbitrary code execution in the kernel, even if the target process has no special privileges.
The missing validation allows an unprivileged local user to escalate privileges, potentially gaining full control of the affected system.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| FreeBSD | FreeBSD | 15.0-RELEASE < p9 | affected |
| FreeBSD | FreeBSD | 14.4-RELEASE < p5 | affected |
| FreeBSD | FreeBSD | 14.3-RELEASE < p14 | affected |
Weaknesses
- CWE-787: CWE-787: Out-of-bounds Write
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.