Kernel Memory Management Issue in FreeBSD Affects Unprivileged Users
CVE-2026-6386

Currently unrated

Key Information:

Vendor

FreeBSD

Status
Vendor
CVE Published: 22 April 2026

What is CVE-2026-6386?

A vulnerability in the FreeBSD kernel stems from a flaw in the page table update mechanism used when applying protection keys to address ranges. The update code does not account for 1GB largepage mappings created via the shm_create_largepage(3) interface, so the system misinterprets a page directory entry. As a result, unprivileged users may exploit the bug to manipulate memory allocations and gain access to memory regions outside their permissions, compromising the integrity of user-space applications.

Affected Version(s)

FreeBSD 15.0-RELEASE

FreeBSD 14.4-RELEASE

FreeBSD 14.3-RELEASE

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Nicholas Carlini using Claude, Anthropic