Race Condition Vulnerability in NetBSD's OpenCrypto Cryptodev Subsystem
CVE-2026-32848
5.7 MEDIUM
What is CVE-2026-32848?
A race condition exists in the cryptodev_op() function of the OpenCrypto subsystem in NetBSD and is potentially exploitable by local attackers. By concurrently executing CIOCCRYPT operations on the same session identifier on symmetric multiprocessing (SMP) systems, attackers can trigger a double-free condition. The flaw lets them manipulate mutable per-operation state contained in the csession struct, ultimately leading to kernel heap memory corruption. Mitigation measures are detailed in the patch provided in the latest commits.
Affected Version(s)
src 0
CVSS V4
Score: 5.7
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: High
Attack Vector: Local
Attack Complexity: High
Attack Required: None
Privileges Required: Undefined
User Interaction: None
Timeline
- Public PoC available
- Exploit known to exist
- Vulnerability published
- Vulnerability Reserved
Credit
nasm
VulnCheck
