CVE-2026-32848 NetBSD CVE debrief

Who should care

NetBSD system administrators operating multi-processor systems with opencrypto/cryptodev enabled; security teams managing BSD-based infrastructure; kernel developers maintaining cryptographic subsystem code

Technical summary

The cryptodev_op() function in NetBSD's opencrypto subsystem contains a race condition where concurrent CIOCCRYPT operations on the same session identifier can trigger a double-free condition. The vulnerability exists because per-operation state is stored mutably within the csession structure, which is shared across operations. On symmetric multiprocessing (SMP) systems, an attacker with local access can exploit this timing window to corrupt kernel heap memory. Successful exploitation could lead to system instability or potential privilege escalation. The vulnerability was addressed in NetBSD src commit ec8451efc1565516aba9e7047e1a1a1ce7953a2f.

Defensive priority

medium

Recommended defensive actions

• Apply NetBSD src commit ec8451e or later to affected systems
• Restrict local access to cryptodev device nodes (/dev/crypto) to trusted users only
• Monitor for unusual cryptodev session activity or kernel crashes on multi-processor systems
• Review system logs for signs of local privilege escalation attempts
• Consider disabling hardware crypto acceleration if not required, falling back to software implementations
• Audit for unauthorized local user accounts that could leverage this vulnerability

Evidence notes

Vulnerability disclosed via VulnCheck advisory with technical analysis published at nasm.re. Fix committed to NetBSD src repository. NVD status currently Deferred.

Official resources