CVE-2026-32848

MEDIUM 4.7

NetBSD cryptodev Race Condition Double-Free via cryptodev_op()

CVSS Score

4.7

EPSS Score

0.0%

EPSS Percentile

0th

NetBSD prior to commit ec8451e contains a race condition vulnerability in cryptodev_op() within the opencrypto subsystem that allows local attackers to trigger a double-free condition by concurrently issuing CIOCCRYPT operations on the same session identifier on SMP systems. Attackers can exploit mutable per-operation state embedded in the csession struct to corrupt kernel heap memory.

CWE	CWE-415 CWE-362
Vendor	netbsd
Product	src
Published	May 18, 2026
Last Updated	May 19, 2026

Stay Ahead of the Next One

Get instant alerts for netbsd src

Be the first to know when new medium vulnerabilities affecting netbsd src are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Affected Versions

NetBSD / src

0 < ec8451efc1565516aba9e7047e1a1a1ce7953a2f

References

NVD ↗ CVE.org ↗ EPSS Data ↗

nasm.re: https://nasm.re/posts/uaf_netbsd_crypto/ github.com: https://github.com/NetBSD/src/commit/ec8451efc1565516aba9e7047e1a1a1ce7953a2f vulncheck.com: https://www.vulncheck.com/advisories/netbsd-cryptodev-race-condition-double-free-via-cryptodev-op

Credits

nasm VulnCheck