Description
ptrace(PT_SC_REMOTE) failed to properly validate parameters for the syscall(2) and __syscall(2) meta-system calls. As a result, a user with the ability to debug a process may trigger arbitrary code execution in the kernel, even if the target process has no special privileges.

The missing validation allows an unprivileged local user to escalate privileges, potentially gaining full control of the affected system.
Published: 2026-05-21
Score: 8.4 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability arises from missing validation of parameters passed to the ptrace(PT_SC_REMOTE) operation when invoking the syscall(2) and __syscall(2) meta‑system calls. An attacker who can attach to a process with debug privileges can trigger arbitrary kernel code execution, resulting in local privilege escalation. The flaw corresponds to the improper handling of user input that corrupts kernel memory, a typical example of the CWE‑787 class.

Affected Systems

The affected product is FreeBSD. Specific version numbers are not listed by the CNA, so the flaw likely exists in all current releases that incorporate the buggy ptrace implementation.

Risk and Exploitability

Because the flaw allows a local user with debug rights to execute code at kernel level, it poses a high severity risk. The CVSS score is 8.4. The EPSS score is < 1%, indicating a very low probability of exploitation, and the vulnerability is not in the CISA KEV catalog. The attack requires local access and the ability to debug a process, which are common capabilities for users who are allowed to attach to running services. If exploited, an attacker could gain full system control.

Generated by OpenCVE AI on May 21, 2026 at 16:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest FreeBSD release or apply the vendor‑issued kernel update that includes the ptrace(PT_SC_REMOTE) validation fix.
  • Configure the system to restrict ptrace usage to privileged users only, for example by enforcing appropriate sysctl limits or using /etc/security/limits.conf settings.
  • Enable audit logging for ptrace system calls and monitor for unexpected or unauthorized debugging activity.

Generated by OpenCVE AI on May 21, 2026 at 16:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 21 May 2026 19:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:freebsd:freebsd:14.3:-:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.3:p10:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.3:p11:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.3:p12:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.3:p13:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.3:p1:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.3:p2:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.3:p3:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.3:p4:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.3:p5:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.3:p6:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.3:p7:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.3:p8:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.3:p9:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.4:-:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.4:p1:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.4:p2:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.4:p3:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.4:p4:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.4:rc1:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:15.0:-:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:15.0:p1:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:15.0:p2:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:15.0:p3:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:15.0:p4:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:15.0:p5:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:15.0:p6:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:15.0:p7:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:15.0:p8:*:*:*:*:*:*

Thu, 21 May 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.9, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

 cvssV3_1

{'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 21 May 2026 13:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.9, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 21 May 2026 11:45:00 +0000

Type Values Removed Values Added
First Time appeared Freebsd
Freebsd freebsd
Vendors & Products Freebsd
Freebsd freebsd

Thu, 21 May 2026 10:15:00 +0000

Type Values Removed Values Added
Description ptrace(PT_SC_REMOTE) failed to properly validate parameters for the syscall(2) and __syscall(2) meta-system calls. As a result, a user with the ability to debug a process may trigger arbitrary code execution in the kernel, even if the target process has no special privileges. The missing validation allows an unprivileged local user to escalate privileges, potentially gaining full control of the affected system.
Title Missing validation in ptrace(PT_SC_REMOTE)
Weaknesses CWE-787
References

Subscriptions

Freebsd Freebsd
cve-icon MITRE

Status: PUBLISHED

Assigner: freebsd

Published:

Updated: 2026-05-21T13:48:28.125Z

Reserved: 2026-05-11T16:27:44.891Z

Link: CVE-2026-45253

cve-icon Vulnrichment

Updated: 2026-05-21T12:27:47.634Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-21T10:16:26.270

Modified: 2026-05-21T19:01:01.833

Link: CVE-2026-45253

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-21T16:30:14Z

Weaknesses