Double free in FreeBSD - CVE-2026-49419
Published: July 1, 2026
FreeBSD
Detailed vulnerability description
The vulnerability allows a local user to escalate privileges.
The vulnerability exists due to a double free in kern_jail_set() and kern_jail_get() that occurs when the JAIL_AT_DESC flag is handled and the jail descriptor lookup fails. A local user can trigger the affected system calls to escalate privileges.
On the jail host, exploitation will generally result in an immediate panic instead of privilege escalation. Privilege escalation may be possible when the user is running inside a jail.