PatchSiren cyber security CVE debrief
CVE-2026-45251 FreeBSD CVE debrief
CVE-2026-45251 describes a kernel use-after-free condition that can occur when a thread is blocked in poll(2) or select(2) waiting on a file descriptor that gets closed. In some file descriptor types, the blocked thread was not removed from the object’s wait queue before the object was freed. If the thread is later woken, it can access freed memory. The issue is reported as triggerable by an unprivileged local user and potentially exploitable for superuser privileges.
- Vendor
- FreeBSD
- Product
- Unknown
- CVSS
- HIGH 7.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-05-21
- Original CVE updated
- 2026-05-21
- Advisory published
- 2026-05-21
- Advisory updated
- 2026-05-21
Who should care
FreeBSD administrators and security teams, especially on multi-user systems where untrusted or semi-trusted local users can run processes that use poll(2) or select(2). Kernel maintainers and platform operators should treat this as a high-priority local privilege-escalation issue.
Technical summary
The CVE describes a race/use-after-free in the kernel’s wait-queue handling for blocked poll(2) or select(2) callers. A file descriptor can be closed while another thread remains blocked waiting on it; because the blocked thread does not hold a reference to the underlying object, the object may be freed first. In the affected cases, the kernel failed to unlink the sleeping thread from the per-object wait queue before freeing the object. When the blocked thread is later awakened, it dereferences memory that has already been freed, creating a CWE-416 use-after-free condition. The NVD record references the FreeBSD advisory FreeBSD-SA-26:19.file, but the supplied corpus does not include the advisory text or affected-version details.
Defensive priority
High. This is a local privilege-escalation class kernel vulnerability with potential superuser impact, so it should be prioritized for patching and validation on any system that may be exposed to untrusted local users.
Recommended defensive actions
- Review the referenced FreeBSD advisory for fixed releases and apply the vendor-provided kernel update as soon as it is available for your platform.
- Plan a maintenance reboot if the remediation requires a kernel replacement or reboot to take effect.
- Reduce exposure to untrusted local code execution on affected systems until patched, including limiting shell, service, and container access where practical.
- After remediation, verify the running kernel/build matches the vendor-fixed release and confirm the advisory is addressed in your asset inventory.
- Monitor for unusual crashes, kernel panics, or privilege-escalation indicators on systems that may have been exposed before patching.
Evidence notes
This debrief is based only on the supplied CVE/NVD record and the referenced official FreeBSD advisory URL. The NVD entry lists the issue as received on 2026-05-21 and cites a FreeBSD SecTeam advisory reference. The source corpus does not include the advisory body, fixed-version matrix, or any exploit details, so those are intentionally not inferred here.
Official resources
-
CVE-2026-45251 CVE record
CVE.org
-
CVE-2026-45251 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
Publicly disclosed in the CVE/NVD record on 2026-05-21 10:16:26 UTC. The NVD entry is marked Received and references a FreeBSD advisory (FreeBSD-SA-26:19.file).