CVE-2026-45250
7.8 HIGHThe setcred(2) system call is only available to privileged users
Published: 2026-05-21 · Last updated: 2026-05-22
Severity and scoring
- CVSS
- 7.8 HIGH
- Vector
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- CWE
- CWE-121
Affected products
| Vendor | Product |
|---|---|
| freebsd | freebsd |
Description
The setcred(2) system call is only available to privileged users. However, before the privilege level of the caller is checked, the user-supplied list of supplementary groups is copied into a fixed-size kernel stack buffer without first validating its length. If the supplied list exceeds the capacity of that buffer, a stack buffer overflow occurs. Because the bounds check on the supplementary groups list occurs after the kernel stack buffer has already been written, an unprivileged local user may trigger the overflow without holding any special privilege. Successful exploitation may allow an attacker to execute arbitrary code in the context of the kernel, allowing an unprivileged local user to gain elevated privileges on the affected system.
Source: NVD
References
Related CVEs
Same vendor
- CVE-2026-45255 — When bsdinstall or bsdconfig are prompted to scan for nearby Wi-Fi networks, they build up a list of network names and use bsddialog(1) t... (7.5 HIGH)
- CVE-2026-45254 — In the case of the cap_net service, when a key present in the old limit was omitted from the new limit, the missing key was treated as "a... (6.5 MEDIUM)
- CVE-2026-45253 — ptrace(PT_SC_REMOTE) failed to properly validate parameters for the syscall(2) and __syscall(2) meta-system calls (8.4 HIGH)
- CVE-2026-45252 — When a fusefs file system implements extended attributes, the kernel may send a FUSE_LISTXATTR message to the userspace daemon to retriev... (5.5 MEDIUM)
- CVE-2026-45251 — A file descriptor can be closed while a thread is blocked in a poll(2) or select(2) call waiting for that descriptor (7.8 HIGH)
Same CWE
- CVE-2026-10829 — A stack-based buffer overflow vulnerability has been found in the NPort W2150A-W4/W2250A-W4 Series version 1.5 and earlier
- CVE-2026-7273 — A stack-based buffer overflow vulnerability in the CGI program of Zyxel GS1900-48HPv2 firmware versions through 2.90(ABTQ.1)C0 could allo... (8.8 HIGH)
- CVE-2025-55660 — A stack overflow in the gf_opus_read_length function (media_tools/av_parsers.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of... (5.5 MEDIUM)
- CVE-2026-8356 — LibreOffice can import presentations in the legacy binary PPT format
- CVE-2026-12222 — A vulnerability was determined in Yealink SIP-T46U 108.86.0.118 (8.0 HIGH)