MNBSD-2026-24: Linuxulator does not set AT_SECURE for setuid/setgid binaries

Severity: Unknown

Affected Package: kernel

Summary: Linuxulator does not set AT_SECURE for setuid/setgid binaries

Description

When constructing the Linux ELF auxiliary vector, the Linuxulator derived AT_SECURE from P_SUGID, which is not set until later in execve(2) and so could not reliably indicate a setuid/setgid binary. As a result, AT_SECURE could be unset for setugid Linux binaries, defeating the runtime linker's secure mode. Fixed by using image_params.credential_setid. This change ports FreeBSD-SA-26:30.linux.
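One way to confirm the fix on a patched system, as an added example that is not code from the advisory or the project: a small Linux binary that compares the AT_SECURE value it was handed with its real and effective IDs at startup. The names `classify`, `enum verdict` and its values are hypothetical. It assumes a glibc-style `getauxval()` and is meant to be built as a Linux binary, installed set-id to a different user or group under the Linux compatibility environment, and run from an unprivileged account.

```c
/* Added example (not from the advisory): AT_SECURE consistency check. */
#include <stdio.h>
#include <sys/auxv.h>   /* getauxval() */
#include <sys/types.h>
#include <unistd.h>

#ifndef AT_SECURE
#define AT_SECURE 23    /* Linux auxv tag, normally provided by the headers */
#endif

/* Hypothetical verdict names used only by this example. */
enum verdict {
    AUX_CONSISTENT = 0,          /* AT_SECURE agrees with the credentials  */
    AUX_MISSING_SECURE = 1,      /* set-id exec but AT_SECURE == 0         */
    AUX_SECURE_NO_ID_CHANGE = 2  /* AT_SECURE set for another reason       */
};

/* Compare the auxv flag with what the real/effective IDs imply. */
enum verdict classify(unsigned long at_secure,
                      uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    int setid = (ruid != euid) || (rgid != egid);

    if (setid && at_secure == 0)
        return AUX_MISSING_SECURE;       /* the symptom described above */
    if (!setid && at_secure != 0)
        return AUX_SECURE_NO_ID_CHANGE;  /* harmless: stricter than needed */
    return AUX_CONSISTENT;
}

int main(void)
{
    /* Read everything first, before any code could change credentials. */
    unsigned long sec = getauxval(AT_SECURE);
    uid_t ruid = getuid(), euid = geteuid();
    gid_t rgid = getgid(), egid = getegid();
    enum verdict v = classify(sec, ruid, euid, rgid, egid);

    printf("AT_SECURE=%lu uid=%lu euid=%lu gid=%lu egid=%lu -> %s\n",
           sec, (unsigned long)ruid, (unsigned long)euid,
           (unsigned long)rgid, (unsigned long)egid,
           v == AUX_MISSING_SECURE ? "MISSING AT_SECURE" :
           v == AUX_SECURE_NO_ID_CHANGE ? "secure without id change" : "ok");

    /* Non-zero exit only for the unsafe combination, for use in scripts. */
    return v == AUX_MISSING_SECURE;
}
```

A set-id binary owned by the same user and group that runs it shows no ID difference, so the check is only meaningful when the file's owner or group differs from the caller's.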

Affected Versions

kernel

Recommendations

No specific recommendations provided.

Additional Information

Aliases: CVE-2026-49413

Published: June 11, 2026
Last Modified: June 11, 2026