CVE-2026-57589

HIGH

7.4

CVSS 3.1

Description

sys/kern/sysv_sem.c in OpenBSD through 7.9 has a use-after-free allowing local privilege escalation to root. This is a context switch use-after-free after tsleep in sys_semget().

Metadata

CVE ID: CVE-2026-57589
State: PUBLISHED
Assigner: mitre
Reserved: 2026-06-25 00:33 UTC
Published: 2026-06-25 00:33 UTC
Last updated: 2026-06-25 00:33 UTC
Primary CWE: CWE-416
CWE-416 Use After Free
Vendor / Product: OpenBSD / OpenBSD
Sources: cve.org · NVD

Severity & Metrics

7.4 HIGH CVSS 3.1

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products (1)

Vendor	Product	Platform	Versions
OpenBSD	OpenBSD	—	0 ≤ 7.9

Weakness (CWE)

CWE	Source	Description
CWE-416	cna	CWE-416 Use After Free

CVSS scores (1)

Score	Severity	Version	Source	Vector
7.4	HIGH	3.1	cna	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References (2)

https://github.com/openbsd/src/commit/1957873d2063db11dab780eca75b5e629d1e838d
https://openai.com/index/patch-the-planet/

Back to overview