Use of Uninitialized Variable in FreeBSD - CVE-2026-49424
Published: July 1, 2026
FreeBSD
Detailed vulnerability description
The vulnerability allows a local user to disclose sensitive information.
The vulnerability exists due to uninitialized memory usage in the Linux waitid() implementation when translating a FreeBSD siginfo_t struct into a stack-declared Linux siginfo_t. A local user can invoke waitid() via the Linux compatibility layer to disclose sensitive information.
Only systems with the Linux binary compatibility layer loaded are vulnerable, and up to 104 bytes of uninitialized kernel stack data may be exposed.
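The bug class described above, shown as an added user-space model that is not FreeBSD source code: a destination struct declared on the stack is only partly filled by the translation and then copied out whole, next to the hardened form that zeroes it first. The struct layouts, function names, sample values and the 0xA5 marker are assumptions made for illustration and do not reflect the kernel's real definitions or sizes.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-ins for the two siginfo layouts; NOT the kernel's real definitions. */
struct src_siginfo { int signo, code, pid, uid, status; };
struct dst_siginfo {
    int signo, err, code;
    union {
        unsigned char pad[128 - 3 * sizeof(int)]; /* fixed-size record, mostly unused */
        struct { int pid, uid, status; } chld;
    } u;
};
typedef void (*xlate_fn)(const struct src_siginfo *, struct dst_siginfo *);

#define STALE 0xA5 /* marker standing in for leftover stack contents */

/* Flawed pattern: only the named fields are written; the rest of *d keeps old bytes. */
static void translate_unsafe(const struct src_siginfo *s, struct dst_siginfo *d) {
    d->signo = s->signo; d->err = 0; d->code = s->code;
    d->u.chld.pid = s->pid; d->u.chld.uid = s->uid; d->u.chld.status = s->status;
}

/* Hardened pattern: zero the whole destination before filling it. */
static void translate_safe(const struct src_siginfo *s, struct dst_siginfo *d) {
    memset(d, 0, sizeof(*d));
    translate_unsafe(s, d);
}

/* Models the syscall path: stack struct -> translate -> copy the whole struct out.
 * Returns how many stale bytes reach the caller's buffer. */
static size_t stale_bytes_after(xlate_fn xlate) {
    struct src_siginfo src = { 20, 1, 4242, 1001, 0 }; /* constructed sample values */
    struct dst_siginfo dst;
    unsigned char out[sizeof(dst)];
    size_t i, n = 0;
    memset(&dst, STALE, sizeof(dst)); /* simulate a dirty stack frame */
    xlate(&src, &dst);
    memcpy(out, &dst, sizeof(dst));   /* stands in for the copy to user space */
    for (i = 0; i < sizeof(out); i++)
        n += (out[i] == STALE);
    return n;
}

int main(void) {
    printf("unsafe: %zu stale bytes copied out\n", stale_bytes_after(translate_unsafe));
    printf("safe:   %zu stale bytes copied out\n", stale_bytes_after(translate_safe));
    return 0;
}
```

In the model, every byte of the destination that the translation does not assign reaches the caller unchanged unless the struct is zeroed first, which is why zeroing before translation is the usual fix for this pattern.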