CVE-2026-32848— NetBSD cryptodev Race Condition Double-Free via cryptodev_op()

CVSS 4.7 · Medium EPSS 0.01% · P1 Updated May 19, 2026

Possible ATT&CK Techniques 2AI

T1055 · Process Injection T1203 · Exploitation for Client Execution

Affected Version Matrix 1

Vendor	Product	Version Range	Status
NetBSD	src	`< ec8451efc1565516aba9e7047e1a1a1ce7953a2f`	affected

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-32848

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

NetBSD cryptodev Race Condition Double-Free via cryptodev_op()

Source: NVD (National Vulnerability Database)

Vulnerability Description

NetBSD prior to commit ec8451e contains a race condition vulnerability in cryptodev_op() within the opencrypto subsystem that allows local attackers to trigger a double-free condition by concurrently issuing CIOCCRYPT operations on the same session identifier on SMP systems. Attackers can exploit mutable per-operation state embedded in the csession struct to corrupt kernel heap memory.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Source: NVD (National Vulnerability Database)

Vulnerability Type

双重释放

Source: NVD (National Vulnerability Database)

Vulnerability Title

NetBSD 竞争条件问题漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

NetBSD是NetBSD基金会的一套开源的类Unix操作系统。 NetBSD ec8451之前版本存在竞争条件问题漏洞，该漏洞源于opencrypto子系统中cryptodev_op函数存在竞争条件，可能导致双重释放。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
NetBSD	src	0 ~ ec8451efc1565516aba9e7047e1a1a1ce7953a2f	-

II. Public POCs for CVE-2026-32848

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2026-32848

请登录查看更多情报信息。

Advisory · 1Blog · 1Patch · 1

NetBSD Race Condition Double-Free via cryptodev_op() | Advisories | VulnCheckthird-party-advisory
[Netbsd - cryptodev] One integer overflow and plenty of UAF - nasm.retechnical-descriptionexploit
Fix: · NetBSD/src@ec8451e · GitHubpatch
https://nvd.nist.gov/vuln/detail/CVE-2026-32848

IV. Related Vulnerabilities

Same product: src

CVE-2026-32849
NetBSD Signed Integer Overflow in cryptodev_op via cryptodev

Same vendor: NetBSD

CVE-2026-32849
NetBSD Signed Integer Overflow in cryptodev_op via cryptodev

Same weakness: CWE-415

V. Comments for CVE-2026-32848

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2026-32848— NetBSD cryptodev Race Condition Double-Free via cryptodev_op()

Possible ATT&CK Techniques 2AI

Affected Version Matrix 1

I. Basic Information for CVE-2026-32848

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2026-32848

III. Intelligence Information for CVE-2026-32848

IV. Related Vulnerabilities

V. Comments for CVE-2026-32848

Leave a comment