Use-after-free in FreeBSD - CVE-2026-49422
Published: July 1, 2026
FreeBSD
Detailed vulnerability description
The vulnerability allows a local user to escalate privileges.
The vulnerability exists due to a use-after-free in the TCP RACK setsockopt(2) handler, which occurs when option data is copied from userspace and the TCP stack is switched twice during the lock-drop window. A local user can switch TCP stacks twice during this window to escalate privileges.
Only systems with the tcp_rack.ko kernel module loaded are vulnerable.
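The exposure condition above can be checked per host. The script below is an added example, not part of the original advisory. It assumes the standard `kldstat` column layout and the usual boot-time module settings (`tcp_rack_load` in /boot/loader.conf, `kld_list` in /etc/rc.conf); the sample listing is constructed.

```sh
#!/bin/sh
# Exposure check for the advisory's condition: is tcp_rack.ko loaded, and is
# it configured to load at boot? Parsers read stdin so they work offline.

# Constructed sample of `kldstat` output (not captured from a real host).
SAMPLE_KLDSTAT='Id Refs Address                Size Name
 1   20 0xffffffff80200000  1d527d0 kernel
 2    1 0xffffffff82a10000    2a1c8 tcp_rack.ko'

# Exit 0 if the kldstat listing on stdin contains tcp_rack.ko.
rack_loaded_in() {
    awk '$NF == "tcp_rack.ko" { found = 1 } END { exit !found }'
}

# Exit 0 if the loader.conf/rc.conf text on stdin loads tcp_rack at boot.
# Comments are stripped first so a commented-out setting does not match.
rack_persistent_in() {
    sed 's/#.*//' |
        grep -Eq '^[[:space:]]*(tcp_rack_load="?[Yy][Ee][Ss]"?|kld_list=.*tcp_rack)'
}

# Report for the live host.
report() {
    if kldstat | rack_loaded_in; then
        echo "EXPOSED: tcp_rack.ko is loaded"
    else
        echo "ok: tcp_rack.ko is not loaded"
    fi
    for f in /boot/loader.conf /etc/rc.conf; do
        if [ -r "$f" ] && rack_persistent_in < "$f"; then
            echo "note: $f loads tcp_rack at boot"
        fi
    done
}

# Only run against the live system where kldstat exists (FreeBSD).
if command -v kldstat >/dev/null 2>&1; then
    report
fi
```

A host that reports the module as not loaded but has a boot-time setting will meet the advisory's condition again after the next reboot.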