OpenBSD 存在一个释放后重用漏洞,允许本地用户提权至 root 权限。
OpenBSD has a use-after-free allowing local privilege escalation to root

原始链接: https://nvd.nist.gov/vuln/detail/cve-2026-57589

**CVE-2026-57589 摘要** OpenBSD 7.9 及之前版本中发现了一个严重安全漏洞。该缺陷被归类为“释放后重用”(Use-After-Free,CWE-416),存在于 `sys/kern/sysv_sem.c` 文件中。具体而言,在 `sys_semget()` 函数的 `tsleep` 调用之后会出现上下文切换引发的释放后重用问题。 此漏洞风险极大,因为它允许本地提权,可能使攻击者获得系统的 root 级访问权限。CISA 已将该漏洞的技术严重程度评估为“完全(total)”。建议用户查看 OpenBSD 官方存储库以获取针对此问题的补丁。

Hacker News | 最新 | 过往 | 评论 | 提问 | 展示 | 招聘 | 提交 | 登录 OpenBSD 存在一个允许本地提权至 root 的释放后使用(use-after-free)漏洞 (nist.gov) 25 分,linggen 发布于 1 小时前 | 隐藏 | 过往 | 收藏 | 3 条评论 帮助 Tiberium 4 分钟前 | 下一条 [–] 这似乎是“Patch The Planet” [0] 项目的一部分,该项目本质上是 OpenAI 提供模型访问权限,由 Trail of Bits 利用这些模型来发现开源项目中的漏洞。 [0] https://openai.com/index/patch-the-planet/ 回复 uticus 0 分钟前 | 上一条 | 下一条 [–] > 默认安装中仅有两个远程漏洞,这在很长一段时间内都是罕见的! https://www.openbsd.org/ https://en.wikipedia.org/wiki/OpenBSD#Security_record 回复 iberator 4 分钟前 | 上一条 | 下一条 [–] 亵渎 回复 指南 | 常见问题 | 列表 | API | 安全 | 法律 | 加入 YC | 联系 搜索:
相关文章

原文

Description

sys/kern/sysv_sem.c in OpenBSD through 7.9 has a use-after-free allowing local privilege escalation to root. This is a context switch use-after-free after tsleep in sys_semget().


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.

CVSS 4.0 Severity and Vector Strings:
CVSS 3.x Severity and Vector Strings:
CVSS 2.0 Severity and Vector Strings:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Weakness Enumeration

CWE-ID CWE Name Source
CWE-416 Use After Free MITRE  

Change History

3 change records found show changes

CVE Modified by CISA-ADP 6/26/2026 1:16:31 AM

Action Type Old Value New Value
Changed SSVC
{"timestamp":"2026-06-25T12:34:51.474289Z","id":"CVE-2026-57589","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}
{"timestamp":"2026-06-25T00:00:00+00:00","id":"CVE-2026-57589","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}

CVE Modified by CISA-ADP 6/25/2026 9:16:49 AM

Action Type Old Value New Value
Added SSVC
{"timestamp":"2026-06-25T12:34:51.474289Z","id":"CVE-2026-57589","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}

New CVE Received from MITRE 6/24/2026 9:16:26 PM

Action Type Old Value New Value
Added Description
sys/kern/sysv_sem.c in OpenBSD through 7.9 has a use-after-free allowing local privilege escalation to root. This is a context switch use-after-free after tsleep in sys_semget().
Added CVSS V3.1
AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Added CWE
CWE-416
Added Reference
https://github.com/openbsd/src/commit/1957873d2063db11dab780eca75b5e629d1e838d
Added Reference
https://openai.com/index/patch-the-planet/
Added Affected
[{"vendor":"OpenBSD","product":"OpenBSD","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"7.9","versionType":"custom","status":"affected"}]}]

Quick Info

CVE Dictionary Entry:
CVE-2026-57589
NVD Published Date:
06/24/2026
NVD Last Modified:
06/26/2026
Source:
MITRE
联系我们 contact @ memedata.com