CVE-2026-49413
ANALYSIS PENDINGFreeBSD - Flaw in Linuxulator Execution of Setugid Binaries
Title source: ruleDescription
The Linuxulator determined whether a binary was set-user-ID or set-group-ID by checking the P_SUGID process flag. During execve(2), this flag is not yet set at the point where the auxiliary vector is constructed, so AT_SECURE was incorrectly set to zero for set-user-ID and set-group-ID executables. An unprivileged local user can inject a shared library via LD_PRELOAD into a set-user-ID or set-group-ID Linux binary, gaining the privileges of that binary.
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
https://security.freebsd.org/advisories/FreeBSD-SA-26:30.linux.asc
Scores
EPSS
0.0014
EPSS Percentile
3.8%
Details
CWE
CWE-266
Status
published
Products (3)
FreeBSD/FreeBSD
14.3-RELEASE - p15
FreeBSD/FreeBSD
14.4-RELEASE - p6
FreeBSD/FreeBSD
15.0-RELEASE - p10
Published
Jun 27, 2026
Tracked Since
Jun 27, 2026