CVE-2026-45253 — HIGH (8.4)

Vulnerability Description

ptrace(PT_SC_REMOTE) failed to properly validate parameters for the syscall(2) and __syscall(2) meta-system calls. As a result, a user with the ability to debug a process may trigger arbitrary code execution in the kernel, even if the target process has no special privileges. The missing validation allows an unprivileged local user to escalate privileges, potentially gaining full control of the affected system.

CVSS Score

8.4

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Freebsd	Freebsd	14.3

Related Weaknesses (CWE)

CWE-787

References

https://security.freebsd.org/advisories/FreeBSD-SA-26:21.ptrace.ascVendor Advisory

FAQ

What is CVE-2026-45253?

CVE-2026-45253 is a vulnerability with a CVSS score of 8.4 (HIGH). ptrace(PT_SC_REMOTE) failed to properly validate parameters for the syscall(2) and __syscall(2) meta-system calls. As a result, a user with the ability to debug a process may trigger arbitrary code e...

How severe is CVE-2026-45253?

CVE-2026-45253 has been rated HIGH with a CVSS base score of 8.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-45253?

Check the references section above for vendor advisories and patch information. Affected products include: Freebsd Freebsd.