Use of Uninitialized Variable in FreeBSD - CVE-2026-49425
Published: July 1, 2026
FreeBSD
Detailed vulnerability description
The vulnerability allows a local user to disclose sensitive information.
The vulnerability exists due to uninitialized stack memory in the compat32 kevent() handler when translating a 64-bit kevent structure into a 32-bit structure. A local user can invoke the affected system call to disclose sensitive information.
The issue affects 32-bit compatibility support for executing 32-bit binaries on 64-bit platforms.
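The bug class described above, as an added example that is not FreeBSD's code: a 64-bit event record is translated into a 32-bit record on the stack and the whole record is then copied out. The `ev64`/`ev32` layouts, the `spare` field and all function names are hypothetical, and the `0xAA` fill is a constructed stand-in for leftover stack contents.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STALE 0xAA /* constructed fill standing in for leftover stack contents */

/* Hypothetical simplified layouts, not the FreeBSD definitions. */
struct ev64 { uint64_t ident; int16_t filter; uint16_t flags; uint32_t fflags;
              int64_t data; uint64_t udata; };
struct ev32 { uint32_t ident; int16_t filter; uint16_t flags; uint32_t fflags;
              uint32_t spare; uint32_t data_lo; uint32_t data_hi; uint32_t udata; };

typedef void (*xlate_fn)(const struct ev64 *, struct ev32 *);

static void copy_fields(const struct ev64 *s, struct ev32 *d) {
    d->ident = (uint32_t)s->ident;
    d->filter = s->filter;
    d->flags = s->flags;
    d->fflags = s->fflags;
    d->data_lo = (uint32_t)s->data;
    d->data_hi = (uint32_t)((uint64_t)s->data >> 32);
    d->udata = (uint32_t)s->udata;
}

/* Flawed pattern: 'spare' is never written, so it keeps whatever was there. */
static void xlate_unsafe(const struct ev64 *s, struct ev32 *d) { copy_fields(s, d); }

/* Hardened pattern: zero the whole object before filling it in. */
static void xlate_zeroed(const struct ev64 *s, struct ev32 *d) {
    memset(d, 0, sizeof(*d));
    copy_fields(s, d);
}

/* Translate into a "dirty" slot and count stale bytes that would be copied out. */
static size_t stale_bytes(xlate_fn fn) {
    struct ev64 src = { 7, -1, 1, 0, 0x100000002LL, 0x1000 };
    struct ev32 dst;
    unsigned char out[sizeof(dst)];
    size_t i, n = 0;
    memset(&dst, STALE, sizeof(dst));   /* simulate reused stack memory */
    fn(&src, &dst);
    memcpy(out, &dst, sizeof(dst));     /* stands in for the copy to user space */
    for (i = 0; i < sizeof(out); i++)
        n += (out[i] == STALE);
    return n;
}

int main(void) {
    printf("unsafe: %zu stale bytes, zeroed: %zu\n",
           stale_bytes(xlate_unsafe), stale_bytes(xlate_zeroed));
    return 0;
}
```

Zeroing the destination before the field-by-field copy also covers compiler-inserted padding, which a reviewer cannot see in the member list.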