7

CVE-2026-49417

Multiple vulnerabilities in the sound(4) mmap path

Second, the audio buffer backing a mapping could be freed when the device was closed even though the mapping remained valid.  The freed memory could then be reused elsewhere while still accessible through the stale mapping.

The /dev/dsp device nodes are world-accessible by default.  On a system with an audio device, either issue allows an unprivileged local user to read and write kernel memory, which can be used to escalate privileges, potentially gaining full control of the affected system.  At a minimum, an attacker can crash the kernel, resulting in a Denial of Service (DoS).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FreebsdFreebsd Version14.3 Update-
FreebsdFreebsd Version14.3 Updatep1
FreebsdFreebsd Version14.3 Updatep10
FreebsdFreebsd Version14.3 Updatep11
FreebsdFreebsd Version14.3 Updatep12
FreebsdFreebsd Version14.3 Updatep13
FreebsdFreebsd Version14.3 Updatep14
FreebsdFreebsd Version14.3 Updatep2
FreebsdFreebsd Version14.3 Updatep3
FreebsdFreebsd Version14.3 Updatep4
FreebsdFreebsd Version14.3 Updatep5
FreebsdFreebsd Version14.3 Updatep6
FreebsdFreebsd Version14.3 Updatep7
FreebsdFreebsd Version14.3 Updatep8
FreebsdFreebsd Version14.3 Updatep9
FreebsdFreebsd Version14.4 Update-
FreebsdFreebsd Version14.4 Updatep1
FreebsdFreebsd Version14.4 Updatep2
FreebsdFreebsd Version14.4 Updatep3
FreebsdFreebsd Version14.4 Updatep4
FreebsdFreebsd Version14.4 Updatep5
FreebsdFreebsd Version15.0 Update-
FreebsdFreebsd Version15.0 Updatep1
FreebsdFreebsd Version15.0 Updatep2
FreebsdFreebsd Version15.0 Updatep3
FreebsdFreebsd Version15.0 Updatep4
FreebsdFreebsd Version15.0 Updatep5
FreebsdFreebsd Version15.0 Updatep6
FreebsdFreebsd Version15.0 Updatep7
FreebsdFreebsd Version15.0 Updatep8
FreebsdFreebsd Version15.0 Updatep9
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.13% 0.026
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 7 1 5.9
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://security.freebsd.org/advisories/FreeBSD-SA-26:27.sound.asc
Vendor Advisory