CVE Catalog
CVE-2026-57589
HighCVSS 7.4Exploitation Probability (EPSS)
Low risk0.13%
3th percentile — higher than 3% of all known CVEs
Summary
In the OpenBSD kernel up to version 7.9, a use-after-free vulnerability exists in sys/kern/sysv_sem.c, allowing local privilege escalation to root. The issue occurs after a context switch following tsleep in sys_semget().
Risk Assessment
A local attacker can exploit this vulnerability to gain full control of the system, compromising data confidentiality, integrity, and availability.
Recommendation
Immediately update OpenBSD to a version later than 7.9, where this vulnerability has been fixed.
Original NVD description (English source)
sys/kern/sysv_sem.c in OpenBSD through 7.9 has a use-after-free allowing local privilege escalation to root. This is a context switch use-after-free after tsleep in sys_semget().

