HIGHCVE-2026-45253Published Modified CNA freebsd
CVE-2026-45253: Missing validation in ptrace(PT_SC_REMOTE)
ptrace(PT_SC_REMOTE) failed to properly validate parameters for the syscall(2) and __syscall(2) meta-system calls. As a result, a user with the ability to debug a process may trigger arbitrary code execution in the kernel, even if the target process has no special privileges. The missing validation allows an unprivileged local user to escalate privileges, potentially gaining full control of the affected system.
Metrics
- CVSS v3.1
- 8.4
- Severity
- HIGH
- Fixed in
- p14
- Affected Products
- 1
Fix available
p14p5p9
Affected packages
- FreeBSD / FreeBSD< p9 (from 15.0-RELEASE) · < p5 (from 14.4-RELEASE) · < p14 (from 14.3-RELEASE)
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HReferences