CVE-2026-45253

Severity CVSS v4.0:

Pending analysis

Type:

CWE-787 Out-of-bounds Write

Publication date:

21/05/2026

Last modified:

21/05/2026

Description

ptrace(PT_SC_REMOTE) failed to properly validate parameters for the syscall(2) and __syscall(2) meta-system calls. As a result, a user with the ability to debug a process may trigger arbitrary code execution in the kernel, even if the target process has no special privileges.<br /> <br /> The missing validation allows an unprivileged local user to escalate privileges, potentially gaining full control of the affected system.

Impact

References to Advisories, Solutions, and Tools

https://security.freebsd.org/advisories/FreeBSD-SA-26:21.ptrace.asc