PatchSiren

illumos CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM illumos CVE published 2026-07-16

CVE-2026-15449

CVE-2026-15449 is a time-of-check to time-of-use (TOCTOU) flaw in the illumos data-link pseudo-driver (dld). The vulnerability affects handling of the DLDIOC_GETMACPROP and DLDIOC_SETMACPROP ioctls on /dev/dld. An unprivileged local user, including one confined to a non-global zone that owns a datalink, can exploit this vulnerability to panic the system. The resulting kernel heap corruption may be usable [truncated]