CVE-2026-45250— Stack buffer overflow via setcred(2)
In-the-Wild Activity Observed github_trending · high
Possible ATT&CK Techniques 2AI
T1055 · Process Injection T1068 · Exploitation for Privilege EscalationGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-45250
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Stack buffer overflow via setcred(2)
Source: NVD (National Vulnerability Database)
Vulnerability Description
The setcred(2) system call is only available to privileged users. However, before the privilege level of the caller is checked, the user-supplied list of supplementary groups is copied into a fixed-size kernel stack buffer without first validating its length. If the supplied list exceeds the capacity of that buffer, a stack buffer overflow occurs. Because the bounds check on the supplementary groups list occurs after the kernel stack buffer has already been written, an unprivileged local user may trigger the overflow without holding any special privilege. Successful exploitation may allow an attacker to execute arbitrary code in the context of the kernel, allowing an unprivileged local user to gain elevated privileges on the affected system.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
栈缓冲区溢出
Source: NVD (National Vulnerability Database)
Vulnerability Title
FreeBSD 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
FreeBSD是FreeBSD基金会的一套类Unix操作系统。 FreeBSD存在安全漏洞,该漏洞源于setcred系统调用在检查调用者权限前将用户提供的补充组列表复制到固定大小的内核栈缓冲区而未验证长度,可能导致栈缓冲区溢出,允许无特权本地用户触发溢出并执行任意代码以提升权限。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-45250
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-45250
请登录查看更多情报信息。
Advisory · 1
Same Patch Batch · FreeBSD · 2026-05-21 · 7 CVEs total
| CVE-2026-45252 | Heap overflow in FUSE_LISTXATTR | |
| CVE-2026-45255 | Remote code execution via installer Wi-Fi access point scans | |
| CVE-2026-45251 | Kernel use-after-free via file descriptor syscalls | |
| CVE-2026-45253 | Missing validation in ptrace(PT_SC_REMOTE) | |
| CVE-2026-45254 | Incorrect libcap_net limitation list manipulation | |
| CVE-2026-39461 | select(2) file descriptor set overflow causes stack overflow |
IV. Related Vulnerabilities
Same product: FreeBSD
- CVE-2026-45254
Incorrect libcap_net limitation list manipulation - CVE-2026-45255
Remote code execution via installer Wi-Fi access point scans - CVE-2026-39461
select(2) file descriptor set overflow causes stack overflow - CVE-2026-45253
Missing validation in ptrace(PT_SC_REMOTE) - CVE-2026-45252
Heap overflow in FUSE_LISTXATTR
Same vendor: FreeBSD
- CVE-2026-45254
Incorrect libcap_net limitation list manipulation - CVE-2026-45255
Remote code execution via installer Wi-Fi access point scans - CVE-2026-39461
select(2) file descriptor set overflow causes stack overflow - CVE-2026-45253
Missing validation in ptrace(PT_SC_REMOTE) - CVE-2026-45252
Heap overflow in FUSE_LISTXATTR
Same weakness: CWE-121
- CVE-2026-39461
select(2) file descriptor set overflow causes stack overflow - CVE-2026-44056
Stack buffer overflow in desktop.c - CVE-2026-44048
Stack buffer overflow via UCS-2 type confusion in convert_ch - CVE-2026-9150
Libsolv: stack-based buffer overflow in libsolv's debian met - CVE-2026-8836
lwIP snmpv3 USM snmp_msg.c snmp_parse_inbound_frame stack-ba
V. Comments for CVE-2026-45250
No comments yet