Use-After-Free Vulnerability in FreeBSD Open File Descriptor Management
CVE-2026-45251

7.8HIGH

Key Information:

Vendor: FreeBSD
Status: FreeBSD
Vendor: CVE Published:; 21 May 2026

What is CVE-2026-45251?

A vulnerability exists in FreeBSD's handling of file descriptors, where a file descriptor may be closed while a thread is in a blocked state within poll(2) or select(2) operations. This situation can lead to a use-after-free condition, allowing an unprivileged local user to potentially exploit this oversight. The kernel fails to sufficiently unlink blocked threads from the associated object prior to its deallocation, which may lead to access violations upon thread awakening. This vulnerability poses a significant risk as it could permit unauthorized elevation of privileges within the affected system, making it essential for users to apply necessary mitigations.

Affected Version(s)

FreeBSD 15.0-RELEASE

FreeBSD 14.4-RELEASE

FreeBSD 14.3-RELEASE

References

https://security.freebsd.org/advisories/FreeBSD-SA-26:19....

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 21, 2026
Vulnerability Reserved
May 11, 2026

Credit

75Acol, Lexpl0it, fcgboy, and robinzeng2015

Ryan at Calif.io

CVE-2026-45251 Data

JSON