CVEFinder.io

CVE-2026-45253

⚠️ high
🔍 Scan for this CVE
Summary

ptrace(PT_SC_REMOTE) failed to properly validate parameters for the syscall(2) and __syscall(2) meta-system calls. As a result, a user with the ability to debug a process may trigger arbitrary code execution in the kernel, even if the target process has no special privileges. The missing validation allows an unprivileged local user to escalate privileges, potentially gaining full control of the affected system.

CVSS Score
8.4
High
EPSS Score
0.0
Exploit Probability
Published Date
2026-05-21
First Seen: 2026-05-22
📊 Relative Risk Intelligence

This CVE is High Risk - more severe than 80.3% of all 325,680 vulnerabilities in our database.

#64,144
Top 25% most severe
Severity Percentile
🎯 CISA SSVC Assessment Updated: May 21, 2026
🔍 Exploitation Status
None
No known exploits
⚙️ Automatable
NO
Requires human interaction
💥 Technical Impact
Total
Complete system compromise possible
🏆 Discovered By
Yuxiang Yang, Yizhou Zhao, Ao Wang, Xuewei Feng, Qi Li, and Ke Xu from Tsinghua University using GLM-5.1 from Z.ai Ryan at Calif.io
SSVC data provided by CISA
Last Modified 2026-05-21
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE IDs (Weakness Types)
CWE-787

📦 Affected Products 3

Vendor Product Status Affected Versions
freebsd freebsd Affected
v14.3
freebsd freebsd Affected
v14.4
freebsd freebsd Affected
v15.0

🔗 References 1

https://security.freebsd.org/advisories/FreeBSD-SA-2...
Vendor Advisory

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-45250 ⚠️ high 7.8 0.0 The setcred(2) system call is only available to privileged users. However, before the privilege level of the caller is ... 2026-05-21
CVE-2026-39461 ⚠️ high 8.8 0.0 libcasper(3) communicates with helper processes via UNIX domain sockets, and uses the select(2) system call to wait for ... 2026-05-21
CVE-2026-45251 ⚠️ high 7.8 0.0 A file descriptor can be closed while a thread is blocked in a poll(2) or select(2) call waiting for that descriptor. B... 2026-05-21
CVE-2026-45252 🔶 medium 5.5 0.1 When a fusefs file system implements extended attributes, the kernel may send a FUSE_LISTXATTR message to the userspace ... 2026-05-21
CVE-2026-45254 🔶 medium 6.5 0.0 In the case of the cap_net service, when a key present in the old limit was omitted from the new limit, the missing key ... 2026-05-21
CVE-2026-45255 ⚠️ high 7.5 0.0 When bsdinstall or bsdconfig are prompted to scan for nearby Wi-Fi networks, they build up a list of network names and u... 2026-05-21
These CVEs affect the same products