CVE-2026-45253

EUVD-2026-31257
ptrace(PT_SC_REMOTE) failed to properly validate parameters for the syscall(2) and __syscall(2) meta-system calls.  As a result, a user with the ability to debug a process may trigger arbitrary code execution in the kernel, even if the target process has no special privileges.

The missing validation allows an unprivileged local user to escalate privileges, potentially gaining full control of the affected system.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.4 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 5%
Affected Products (NVD)
VendorProductVersion
freebsdfreebsd
14.3
freebsdfreebsd
14.3:p1
freebsdfreebsd
14.3:p10
freebsdfreebsd
14.3:p11
freebsdfreebsd
14.3:p12
freebsdfreebsd
14.3:p13
freebsdfreebsd
14.3:p2
freebsdfreebsd
14.3:p3
freebsdfreebsd
14.3:p4
freebsdfreebsd
14.3:p5
freebsdfreebsd
14.3:p6
freebsdfreebsd
14.3:p7
freebsdfreebsd
14.3:p8
freebsdfreebsd
14.3:p9
freebsdfreebsd
14.4
freebsdfreebsd
14.4:p1
freebsdfreebsd
14.4:p2
freebsdfreebsd
14.4:p3
freebsdfreebsd
14.4:p4
freebsdfreebsd
14.4:rc1
freebsdfreebsd
15.0
freebsdfreebsd
15.0:p1
freebsdfreebsd
15.0:p2
freebsdfreebsd
15.0:p3
freebsdfreebsd
15.0:p4
freebsdfreebsd
15.0:p5
freebsdfreebsd
15.0:p6
freebsdfreebsd
15.0:p7
freebsdfreebsd
15.0:p8
𝑥
= Vulnerable software versions
Common Weakness Enumeration
Vulnerability Media Exposure
References
https://security.freebsd.org/advisories/FreeBSD-SA-26:21.ptrace.asc