Home

Description

ptrace(PT_SC_REMOTE) failed to properly validate parameters for the syscall(2) and __syscall(2) meta-system calls. As a result, a user with the ability to debug a process may trigger arbitrary code execution in the kernel, even if the target process has no special privileges. The missing validation allows an unprivileged local user to escalate privileges, potentially gaining full control of the affected system.

PUBLISHED Reserved 2026-05-11 | Published 2026-05-21 | Updated 2026-05-22 | Assigner freebsd

Problem types

CWE-787: Out-of-bounds Write

Product status

Default status
unknown

15.0-RELEASE (release) before p9
affected

14.4-RELEASE (release) before p5
affected

14.3-RELEASE (release) before p14
affected

Credits

Yuxiang Yang, Yizhou Zhao, Ao Wang, Xuewei Feng, Qi Li, and Ke Xu from Tsinghua University using GLM-5.1 from Z.ai finder

Ryan at Calif.io finder

References

security.freebsd.org/advisories/FreeBSD-SA-26:21.ptrace.asc vendor-advisory

cve.org (CVE-2026-45253)

nvd.nist.gov (CVE-2026-45253)

Download JSON