CVE-2026-6386
Received Received - Intake
Memory Corruption via PKRU Update Bug in FreeBSD Kernel

Publication date: 2026-04-22

Last updated on: 2026-05-01

Assigner: FreeBSD

Description
In order to apply a particular protection key to an address range, the kernel must update the corresponding page table entries. The subroutine which handled this failed to take into account the presence of 1GB largepage mappings created using the shm_create_largepage(3) interface. In particular, it would always treat a page directory page entry as pointing to another page table page. The bug can be abused by an unprivileged user to cause pmap_pkru_update_range() to treat userspace memory as a page table page, and thus overwrite memory to which the application would otherwise not have access.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-22
Last Modified
2026-05-01
Generated
2026-06-16
AI Q&A
2026-04-22
EPSS Evaluated
2026-06-15
NVD
CVE-2026-6386
EUVD
EUVD-2026-24592
Affected Vendors & Products
Showing 33 associated CPEs
Vendor Product Version / Range
freebsd freebsd 15.0
freebsd freebsd 15.0
freebsd freebsd 13.5
freebsd freebsd 13.5
freebsd freebsd 13.5
freebsd freebsd 13.5
freebsd freebsd 13.5
freebsd freebsd 13.5
freebsd freebsd 13.5
freebsd freebsd 13.5
freebsd freebsd 13.5
freebsd freebsd 13.5
freebsd freebsd 14.3
freebsd freebsd 14.3
freebsd freebsd 14.3
freebsd freebsd 14.3
freebsd freebsd 14.3
freebsd freebsd 14.3
freebsd freebsd 14.3
freebsd freebsd 14.3
freebsd freebsd 14.3
freebsd freebsd 15.0
freebsd freebsd 14.4
freebsd freebsd 15.0
freebsd freebsd 14.3
freebsd freebsd 14.4
freebsd freebsd 15.0
freebsd freebsd 13.5
freebsd freebsd 13.5
freebsd freebsd 13.5
freebsd freebsd 14.3
freebsd freebsd 14.4
freebsd freebsd 15.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-732 The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
CWE-269 The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the FreeBSD amd64 kernel's handling of memory protection keys (pkru), specifically in the function pmap_pkru_update_range().

The function is supposed to update page table entries to apply protection keys to memory regions. However, it incorrectly assumes that a page directory entry always points to a page table page and does not properly handle 1GB large page mappings created via the shm_create_largepage(3) interface.

Because of this, an unprivileged user can exploit the bug to trick the function into treating user-space memory as a page table page, which can lead to overwriting memory areas that should be protected.

Impact Analysis

An unprivileged user can exploit this vulnerability to cause the kernel to overwrite memory regions that the application or user should not have access to.

This can lead to unauthorized memory modification, potentially allowing privilege escalation or other malicious actions that compromise system security.

Detection Guidance

There are no specific detection commands or network indicators provided for this vulnerability. It is a kernel-level issue related to memory protection key handling in FreeBSD amd64 systems.

Detection would primarily involve verifying the FreeBSD system version and whether the system has been updated with the patches addressing CVE-2026-6386.

You can check your FreeBSD version with the command: `freebsd-version`.

To verify if the system is patched, you may compare installed patches or check the update history, but no direct commands to detect exploitation or presence of the vulnerability are provided.

Mitigation Strategies

The immediate mitigation step is to upgrade your FreeBSD system to a patched version released on or after April 21, 2026.

  • If using pkg(8) for base system package installations, run: `pkg upgrade -r FreeBSD-base` and then reboot the system.
  • If using freebsd-update(8) for binary distribution set installations, run: `freebsd-update fetch` and `freebsd-update install` followed by a reboot.
  • Alternatively, apply the source code patches manually by downloading the appropriate patch for your FreeBSD version, verifying its PGP signature, applying it to the source tree, recompiling the kernel, and rebooting.

No workaround is available other than applying these updates or patches.

Compliance Impact

This vulnerability allows an unprivileged user to overwrite memory areas that should be protected, potentially leading to unauthorized access or modification of sensitive data.

Such unauthorized memory access and modification could compromise the confidentiality and integrity of data, which are critical requirements under common standards and regulations like GDPR and HIPAA.

Therefore, if exploited, this vulnerability could lead to non-compliance with these regulations due to potential data breaches or unauthorized data manipulation.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-6386. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart