CVE-2026-45253

HIGH

FreeBSD 15.0-RELEASE < p9, 14.4-RELEASE < p5, 14.3-RELEASE < p14 - Out-of-bounds Write in ptrace(PT_SC_REMOTE)

Title source: llm

Description

ptrace(PT_SC_REMOTE) failed to properly validate parameters for the syscall(2) and __syscall(2) meta-system calls. As a result, a user with the ability to debug a process may trigger arbitrary code execution in the kernel, even if the target process has no special privileges. The missing validation allows an unprivileged local user to escalate privileges, potentially gaining full control of the affected system.

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory

https://security.freebsd.org/advisories/FreeBSD-SA-26:21.ptrace.asc

Scores

CVSS v3 8.4

EPSS 0.0001

EPSS Percentile 0.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-787

Status published

Products (6)

freebsd/freebsd 14.3 (14 CPE variants)

freebsd/freebsd 14.4 (6 CPE variants)

freebsd/freebsd 15.0 (9 CPE variants)

FreeBSD/FreeBSD 14.3-RELEASE - p14

FreeBSD/FreeBSD 14.4-RELEASE - p5

FreeBSD/FreeBSD 15.0-RELEASE - p9

Published May 21, 2026

Tracked Since May 21, 2026