CVE-2026-45251— Kernel use-after-free via file descriptor syscalls
Possible ATT&CK Techniques 2AI
T1068 · Exploitation for Privilege Escalation T1203 · Exploitation for Client ExecutionGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-45251
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Kernel use-after-free via file descriptor syscalls
Source: NVD (National Vulnerability Database)
Vulnerability Description
A file descriptor can be closed while a thread is blocked in a poll(2) or select(2) call waiting for that descriptor. Because the blocked thread does not hold a reference to the underlying object, this closure may result in the object being freed while the thread remains blocked. In this situation, the kernel must remove the blocked thread from the per-object wait queue prior to freeing the object. In the case of some file descriptor types, the kernel failed to unlink blocked threads from the object before freeing it. When the blocked thread is subsequently woken, it accesses memory that has already been freed resulting in a use-after-free vulnerability. The use-after-free vulnerability may be triggered by an unprivileged local user and can be exploited to obtain superuser privileges.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
释放后使用
Source: NVD (National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-45251
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-45251
请登录查看更多情报信息。
Same Patch Batch · FreeBSD · 2026-05-21 · 7 CVEs total
| CVE-2026-45254 | Incorrect libcap_net limitation list manipulation | |
| CVE-2026-45255 | Remote code execution via installer Wi-Fi access point scans | |
| CVE-2026-39461 | select(2) file descriptor set overflow causes stack overflow | |
| CVE-2026-45253 | Missing validation in ptrace(PT_SC_REMOTE) | |
| CVE-2026-45252 | Heap overflow in FUSE_LISTXATTR | |
| CVE-2026-45250 | Stack buffer overflow via setcred(2) |
IV. Related Vulnerabilities
Same product: FreeBSD
- CVE-2026-45254
Incorrect libcap_net limitation list manipulation - CVE-2026-45255
Remote code execution via installer Wi-Fi access point scans - CVE-2026-39461
select(2) file descriptor set overflow causes stack overflow - CVE-2026-45253
Missing validation in ptrace(PT_SC_REMOTE) - CVE-2026-45252
Heap overflow in FUSE_LISTXATTR
Same vendor: FreeBSD
- CVE-2026-45254
Incorrect libcap_net limitation list manipulation - CVE-2026-45255
Remote code execution via installer Wi-Fi access point scans - CVE-2026-39461
select(2) file descriptor set overflow causes stack overflow - CVE-2026-45253
Missing validation in ptrace(PT_SC_REMOTE) - CVE-2026-45252
Heap overflow in FUSE_LISTXATTR
V. Comments for CVE-2026-45251
No comments yet