The ELF image activator cleared per-process ASLR preference flags for setuid binaries after the code that computes the PIE base address, rather than before. As a result, a user-requested ASLR disable was still in effect at the point where the base address was chosen.
An unprivileged local user can disable ASLR for a setuid PIE binary by calling procctl(2) before execve(2). This makes exploitation of any separate memory corruption vulnerability in that binary significantly easier.
Metrics
Affected Vendors & Products
References
History
Sat, 27 Jun 2026 14:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Freebsd, Freebsd freebsd |
| Vendors & Products | | Freebsd, Freebsd freebsd |
Sat, 27 Jun 2026 10:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | | The ELF image activator cleared per-process ASLR preference flags for setuid binaries after the code that computes the PIE base address, rather than before. As a result, a user-requested ASLR disable was still in effect at the point where the base address was chosen. An unprivileged local user can disable ASLR for a setuid PIE binary by calling procctl(2) before execve(2). This makes exploitation of any separate memory corruption vulnerability in that binary significantly easier. |
| Title | | ASLR bypass for setuid executables via procctl(2) |
| Weaknesses | | CWE-179 |
| References | | |
Status: PUBLISHED
Assigner: freebsd
Published:
Updated: 2026-06-27T09:22:23.307Z
Reserved: 2026-05-29T20:24:28.615Z
Link: CVE-2026-49414
No data.
No data.
No data.
OpenCVE Enrichment
Updated: 2026-06-27T14:15:05Z