CVE-2026-32849: NetBSD Signed Integer Overflow in cryptodev_op via cryptodev.c

CVSS 5.5 · Medium · EPSS 0.01% · P2

Affected Version Matrix (1)

Vendor | Product | Version Range | Status
NetBSD | src | < ec8451efc1565516aba9e7047e1a1a1ce7953a2f | affected

I. Basic Information for CVE-2026-32849

Vulnerability Information

Vulnerability Title
NetBSD Signed Integer Overflow in cryptodev_op via cryptodev.c
Source: NVD (National Vulnerability Database)
Vulnerability Description
NetBSD prior to commit ec8451e contains a signed integer overflow vulnerability in the cryptodev_op() function in sys/opencrypto/cryptodev.c where the local variable iov_len is declared as a signed int but assigned from an unsigned cop->dst_len value, causing undefined behavior when cop->dst_len exceeds INT_MAX. A local attacker with access to /dev/crypto and a compression session type can exploit this vulnerability by providing a dst_len value exceeding INT_MAX to trigger a kernel panic through NULL pointer dereference when CONFIG_SVS is disabled and corrupted UIO pointer arithmetic.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
Integer Overflow or Wraparound
Source: NVD (National Vulnerability Database)
Vulnerability Title
NetBSD Input Validation Error Vulnerability
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
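NetBSD is an open-source Unix-like operating system from the NetBSD Foundation. Versions of NetBSD prior to ec8451 contain an input validation error vulnerability, which stems from the local variable iov_len in the cryptodev_op function being declared as a signed integer but assigned from an unsigned value, potentially leading to a signed integer overflow.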
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor | Product | Affected Versions | CPE
NetBSD | src | 0 ~ ec8451efc1565516aba9e7047e1a1a1ce7953a2f | -

II. Public POCs for CVE-2026-32849

No public POC found.

III. Intelligence Information for CVE-2026-32849

Patches & Fixes for CVE-2026-32849 (1)

Vendor Advisories for CVE-2026-32849 (1)

Security Blog Posts for CVE-2026-32849 (1)
