CVE-2026-49414

ASLR Bypass in FreeBSD ELF Image Activator

Vulnerability report for CVE-2026-49414, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-27

Last updated on: 2026-06-27

Assigner: FreeBSD

Description

The ELF image activator cleared per-process ASLR preference flags for setuid binaries after the code that computes the PIE base address, rather than before. As a result, a user-requested ASLR disable was still in effect at the point where the base address was chosen. An unprivileged local user can disable ASLR for a setuid PIE binary by calling procctl(2) before execve(2). This makes exploitation of any separate memory corruption vulnerability in that binary significantly easier.

Affected Vendors & Products

Vendor: freebsd
Product: freebsd
Version / Range: from 14.3 (inclusive) to 15.1 (inclusive)

CWE

CWE-179: The product validates input before applying protection mechanisms that modify the input, which could allow an attacker to bypass the validation via dangerous inputs that only arise after the modification.

Executive Summary

This vulnerability involves FreeBSD's Address Space Layout Randomization (ASLR) mechanism for setuid executables. Specifically, the ELF image activator clears per-process ASLR preference flags for setuid binaries after computing the Position Independent Executable (PIE) base address, instead of before. Because of this, a user-requested ASLR disable remains effective when the base address is chosen.

As a result, an unprivileged local user can disable ASLR for a setuid PIE binary by calling procctl(2) before execve(2). This makes it significantly easier to exploit any separate memory corruption vulnerability in that binary.

Impact Analysis

This vulnerability allows an unprivileged local user to disable ASLR for setuid PIE binaries, which weakens the security protections that randomize memory addresses.

By disabling ASLR, it becomes significantly easier for an attacker to exploit memory corruption vulnerabilities in those binaries, potentially leading to privilege escalation or unauthorized code execution.

Detection Guidance

There is no specific information provided about detection methods or commands to identify this vulnerability on a network or system.

Mitigation Strategies

To mitigate this vulnerability, users should upgrade their FreeBSD systems to the corrected versions where the issue has been patched.

The FreeBSD Project has released patches for stable/15, stable/14, and their respective release branches (15.1, 15.0, 14.4, and 14.3).

Users are advised to update their systems using pkg or freebsd-update utilities and then reboot the system.

No workarounds are available, so applying the official patches or updates is the only effective mitigation.
