CVE-2026-45258
Multiple vulnerabilities in the sound(4) mmap path
Description
dsp_mmap_single() validated the requested mapping by checking the sum of the user-supplied offset and length against the buffer size. This addition could overflow, so that a large offset and length wrapped around and passed the check. The offset was then narrowed from 64 to 32 bits when converted to a buffer address, yielding a mapping that extended past the audio buffer into unrelated kernel memory. The /dev/dsp device nodes are world-accessible by default. On a system with an audio device, either issue allows an unprivileged local user to read and write kernel memory, which can be used to escalate privileges, potentially gaining full control of the affected system. At a minimum, an attacker can crash the kernel, resulting in a Denial of Service (DoS).
INFO
Published Date :
June 27, 2026, 8:50 a.m.
Last Modified :
June 27, 2026, 8:50 a.m.
Remotely Exploit :
No
Source :
freebsd
Affected Products
The following products are affected by CVE-2026-45258
vulnerability.
Even if cvefeed.io is aware of the exact versions of the
products
that
are
affected, the information is not represented in the table below.
No affected product recoded yet
Solution
- Update the system to patch the kernel vulnerability.
- Restrict access to /dev/dsp device nodes.
- Limit user privileges on the system.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2026-45258 vulnerability anywhere in the article.