Buffer Overflow in Audio Device Driver Affects FreeBSD
CVE-2026-45258

Currently unrated

Key Information:

Vendor: FreeBSD
Status: FreeBSD
Vendor: CVE Published:; 27 June 2026

What is CVE-2026-45258?

A vulnerability in the FreeBSD audio device driver allows for the possibility of a buffer overflow due to improper validation of user-supplied input. Specifically, the function dsp_mmap_single() fails to adequately check the sum of the user-supplied offset and length against the buffer size, which can lead to an overflow situation. An attacker could exploit this oversight by providing a large offset and length, resulting in memory mappings that extend beyond the audio buffer. Since the /dev/dsp device nodes are accessible to all users by default, this vulnerability presents a significant risk, allowing an unprivileged local user to both read and write to kernel memory. Consequently, this could lead to privilege escalation or even a Denial of Service (DoS), where the attacker might crash the kernel, severely impacting system stability.

Affected Version(s)

FreeBSD 15.0-RELEASE

FreeBSD 14.4-RELEASE

FreeBSD 14.3-RELEASE

References

https://security.freebsd.org/advisories/FreeBSD-SA-26:27....

vendor-advisory

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 27, 2026
Vulnerability Reserved
May 11, 2026

Credit

Lexpl0it, 75Acol, ch0wn, zer0duck

Emmanuel Genier from Quarkslab

Hazley Samsudin of GovTech CSG

CVE-2026-45258 Data

JSON