CVE Catalog

CVE-2026-57589

HighCVSS 7.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.13%

3th percentile — higher than 3% of all known CVEs

Summary

In the OpenBSD kernel up to version 7.9, a use-after-free vulnerability exists in sys/kern/sysv_sem.c, allowing local privilege escalation to root. The issue occurs after a context switch following tsleep in sys_semget().

Risk Assessment

A local attacker can exploit this vulnerability to gain full control of the system, compromising data confidentiality, integrity, and availability.

Recommendation

Immediately update OpenBSD to a version later than 7.9, where this vulnerability has been fixed.

Original NVD description (English source)

sys/kern/sysv_sem.c in OpenBSD through 7.9 has a use-after-free allowing local privilege escalation to root. This is a context switch use-after-free after tsleep in sys_semget().

Vulnerability data from NVD (NIST) · CISA KEV · EPSS