Heap-based buffer overflow in FreeBSD - CVE-2026-49429
Published: July 1, 2026
FreeBSD
Detailed vulnerability description
The vulnerability allows a local user to escalate privileges.
The vulnerability exists due to heap-based buffer overflow in the ZFS_IOC_USERSPACE_MANY ioctl when processing a userspace output buffer size. A local user can trigger the ioctl with a crafted 64-bit buffer size to escalate privileges.
Exploitation requires the delegated ZFS permission "userused".