CVE-2019-5596

HIGH

FreeBSD 11.2-STABLE, 12.0-STABLE < r343781, 12.0-RELEASE < p3 - Privilege Escalation via UNIX Domain Socket

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2019-5596. PoCs published by Karsten König, gr4yf0x, raymontag.

AI-analyzed exploit summary This exploit leverages a use-after-free vulnerability in FreeBSD's file descriptor handling to achieve local privilege escalation. It manipulates file descriptors and dirty buffers to corrupt kernel memory, ultimately allowing an attacker to overwrite critical files like /etc/libmap.conf.

Description

In FreeBSD 11.2-STABLE after r338618 and before r343786, 12.0-STABLE before r343781, and 12.0-RELEASE before 12.0-RELEASE-p3, a bug in the reference count implementation for UNIX domain sockets can cause a file structure to be incorrectly released potentially allowing a malicious local user to gain root privileges or escape from a jail.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Karsten König · bashlocalfreebsd
https://www.exploit-db.com/exploits/47829

This exploit leverages a use-after-free vulnerability in FreeBSD's file descriptor handling to achieve local privilege escalation. It manipulates file descriptors and dirty buffers to corrupt kernel memory, ultimately allowing an attacker to overwrite critical files like /etc/libmap.conf.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Complex
Reliability
Racy
Target: FreeBSD (versions affected by CVE-2019-5596)
No auth needed
Prerequisites: Local access to a vulnerable FreeBSD system · Presence of /etc/libmap.conf
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC
by gr4yf0x · bashlocalfreebsd
https://www.exploit-db.com/exploits/47081

This exploit targets a use-after-free vulnerability in FreeBSD's file descriptor handling (CVE-2019-5596). It manipulates file descriptors and leverages race conditions to achieve local privilege escalation by corrupting kernel memory structures.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Complex
Reliability
Racy
Target: FreeBSD (versions affected by FreeBSD-SA-19:02.fd)
No auth needed
Prerequisites: Local access to the target system · Presence of /etc/libmap.conf · UFS filesystem
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 1 stars
by raymontag · poc
https://github.com/raymontag/CVE-2019-5596

This is a privilege escalation exploit for FreeBSD (CVE-2019-5596) leveraging a use-after-free vulnerability in the file descriptor handling mechanism. The exploit uses a combination of multithreading, file operations, and socket manipulation to trigger the vulnerability and achieve root access.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Complex
Reliability
Racy
Target: FreeBSD (versions affected by CVE-2019-5596)
No auth needed
Prerequisites: Access to a vulnerable FreeBSD system · Ability to execute arbitrary code on the target system
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Patch, Third Party Advisory vendor-advisory x_refsource_freebsd
https://security.FreeBSD.org/advisories/FreeBSD-SA-19:02.fd.asc

Scores

CVSS v3 8.8
EPSS 0.0123
EPSS Percentile 65.0%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Details

Status published
Products (2)
freebsd/freebsd 11.2
freebsd/freebsd 12.0
Published Feb 12, 2019
Tracked Since Feb 18, 2026