6.5

CVE-2026-45259

sigqueue(2) missing capability mode restriction

sigqueue(2) was marked as permitted in capability mode with the introduction of Capsicum in 2011, but the implementation of kern_sigqueue did not include a capability mode check restricting signal delivery to the calling process's own PID.

A process in capability mode can use sigqueue(2) to send signals to any process it could signal following standard Unix permissions, bypassing the Capsicum sandbox restriction.  A compromised sandboxed process could interfere with other processes, for example by sending SIGKILL or SIGSTOP.  This could be any process running as the same user, or any process, for a superuser sandboxed process.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FreebsdFreebsd Version14.3 Update-
FreebsdFreebsd Version14.3 Updatep1
FreebsdFreebsd Version14.3 Updatep10
FreebsdFreebsd Version14.3 Updatep11
FreebsdFreebsd Version14.3 Updatep12
FreebsdFreebsd Version14.3 Updatep13
FreebsdFreebsd Version14.3 Updatep14
FreebsdFreebsd Version14.3 Updatep2
FreebsdFreebsd Version14.3 Updatep3
FreebsdFreebsd Version14.3 Updatep4
FreebsdFreebsd Version14.3 Updatep5
FreebsdFreebsd Version14.3 Updatep6
FreebsdFreebsd Version14.3 Updatep7
FreebsdFreebsd Version14.3 Updatep8
FreebsdFreebsd Version14.3 Updatep9
FreebsdFreebsd Version14.4 Update-
FreebsdFreebsd Version14.4 Updatep1
FreebsdFreebsd Version14.4 Updatep2
FreebsdFreebsd Version14.4 Updatep3
FreebsdFreebsd Version14.4 Updatep4
FreebsdFreebsd Version14.4 Updatep5
FreebsdFreebsd Version15.0 Update-
FreebsdFreebsd Version15.0 Updatep1
FreebsdFreebsd Version15.0 Updatep2
FreebsdFreebsd Version15.0 Updatep3
FreebsdFreebsd Version15.0 Updatep4
FreebsdFreebsd Version15.0 Updatep5
FreebsdFreebsd Version15.0 Updatep6
FreebsdFreebsd Version15.0 Updatep7
FreebsdFreebsd Version15.0 Updatep8
FreebsdFreebsd Version15.0 Updatep9
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.09% 0.007
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 2 4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CWE-266 Incorrect Privilege Assignment

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

https://security.freebsd.org/advisories/FreeBSD-SA-26:28.capsicum.asc
Vendor Advisory