CVE Catalog

CVE-2026-49416

HighCVSS 7.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.11%

1th percentile — higher than 1% of all known CVEs

Summary

A vulnerability in the FreeBSD kernel in the CONS_HISTORY ioctl handler allows an unprivileged local user to perform an out-of-bounds write. A large history size causes an integer overflow in buffer size calculation, resulting in a heap allocation smaller than expected and subsequent write beyond the allocation.

Risk Assessment

An attacker can exploit this vulnerability to escalate privileges, potentially gaining unauthorized access to kernel data or taking control of the system.

Recommendation

Immediately update the FreeBSD kernel to a version containing the fix for CVE-2026-49416. Restricting access to vt(4) devices for unprivileged users may reduce the risk.

Original NVD description (English source)

The CONS_HISTORY ioctl handler did not adequately validate the requested history size. A large value caused an integer overflow in the buffer size calculation, resulting in a heap allocation smaller than expected. Subsequent initialization of the buffer wrote beyond the end of the allocation. An unprivileged local user with access to a vt(4) device can trigger an out-of-bounds write in the kernel, potentially escalating privileges.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS