CVE-2026-49412
Received Received - Intake

Use-After-Free in FreeBSD Kernel IPV6_MSFILTER Handler

Publication date: 2026-06-27

Last updated on: 2026-06-27

Assigner: FreeBSD

Description
The kernel handler for IPV6_MSFILTER dropped a serializing lock in order to copy the source-filter list from userspace, then reacquired the lock. During this window another thread could free the multicast filter structure, leaving the handler with a stale pointer to freed memory. An unprivileged local user can exploit this use-after-free to escalate privileges.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-27
Last Modified
2026-06-27
Generated
2026-06-27
AI Q&A
2026-06-27
EPSS Evaluated
N/A
NVD
CVE-2026-49412
EUVD
EUVD-2026-39964

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
freebsd freebsd From 14.3 (inc) to 15.1 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-416 The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a use-after-free issue in the FreeBSD kernel's IPv6 multicast subsystem, specifically in the IPV6_MSFILTER socket option handler.

The kernel handler temporarily drops a serializing lock to copy the source-filter list from userspace and then reacquires it. During this window, another thread can free the multicast filter structure, leaving the handler with a stale pointer to memory that has already been freed.

An unprivileged local user can exploit this race condition to escalate their privileges on the system.

Impact Analysis

This vulnerability allows an unprivileged local user to escalate their privileges on a FreeBSD system.

By exploiting the use-after-free condition, an attacker can gain higher-level access than intended, potentially leading to unauthorized control over the system.

Mitigation Strategies

To mitigate this vulnerability, users should upgrade their FreeBSD systems to the patched versions released by the FreeBSD Project. These patches address the use-after-free issue in the IPV6_MSFILTER socket option handler.

  • Upgrade using pkg or freebsd-update tools.
  • Alternatively, apply the source code patches provided for your FreeBSD branch.
  • Reboot the system after applying the updates or patches to ensure the fixes take effect.

The corrected versions and patches have been available since June 9, 2026.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-49412. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart