Use-after-free in FreeBSD - CVE-2026-49427
Published: July 1, 2026
FreeBSD
Detailed vulnerability description
The vulnerability allows a local user to escalate privileges.
The vulnerability exists due to a use-after-free in POSIX largepage shared memory objects that occurs when such an object is transmitted with sendfile(2) using the SF_NOCACHE flag. A local user can send a largepage shared memory object through sendfile(2) with the SF_NOCACHE flag to escalate privileges.
Existing mappings can continue to refer to the freed pages after transmission.