CVE-2026-6386

UNKNOWN 0.0

Missing large page handling in pmap_pkru_update_range()

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

In order to apply a particular protection key to an address range, the kernel must update the corresponding page table entries. The subroutine which handled this failed to take into account the presence of 1GB largepage mappings created using the shm_create_largepage(3) interface. In particular, it would always treat a page directory page entry as pointing to another page table page. The bug can be abused by an unprivileged user to cause pmap_pkru_update_range() to treat userspace memory as a page table page, and thus overwrite memory to which the application would otherwise not have access.

CWE	CWE-269 CWE-732
Vendor	freebsd
Product	freebsd
Published	Apr 22, 2026

Stay Ahead of the Next One

Get instant alerts for freebsd freebsd

Be the first to know when new unknown vulnerabilities affecting freebsd freebsd are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

FreeBSD / FreeBSD

15.0-RELEASE < p6 14.4-RELEASE < p2 14.3-RELEASE < p11 13.5-RELEASE < p12

References

NVD ↗ CVE.org ↗ EPSS Data ↗

security.freebsd.org: https://security.freebsd.org/advisories/FreeBSD-SA-26:11.amd64.asc

Credits

Nicholas Carlini using Claude, Anthropic