MEDIUM
illumos
CVE published 2026-07-16
CVE-2026-15449
CVE-2026-15449 is a time-of-check to time-of-use (TOCTOU) flaw in the illumos data-link pseudo-driver (dld). The vulnerability affects handling of the DLDIOC_GETMACPROP and DLDIOC_SETMACPROP ioctls on /dev/dld. An unprivileged local user, including one confined to a non-global zone that owns a datalink, can exploit this vulnerability to panic the system. The resulting kernel heap corruption may be usable [truncated]