Description
sys/kern/sysv_sem.c in OpenBSD through 7.9 has a use-after-free allowing local privilege escalation to root. This is a context switch use-after-free after tsleep in sys_semget().
References (2)
Core 2
Scores
CVSS v3
7.4
EPSS
0.0013
EPSS Percentile
2.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-416
Status
published
Products (1)
OpenBSD/OpenBSD
< 7.9
Published
Jun 25, 2026
Tracked Since
Jun 25, 2026