Input validation error in FreeBSD - CVE-2026-49428
Published: July 1, 2026
FreeBSD
Detailed vulnerability description
The vulnerability allows a local user to escalate privileges.
The vulnerability exists due to improper input validation in largepage shared memory object operations when invoking unsupported system calls such as open(2) with the O_TRUNC flag set or fspacectl(2). A local user can invoke unsupported operations on a largepage object to escalate privileges.
These operations are not permitted on largepage objects, but the implementation did not verify this.