Severity: Unknown
Affected Package: kernel
Summary: ASLR bypass for setuid executables via procctl(2)
The ELF image activator cleared per-process ASLR preference flags for setuid binaries only after computing the PIE base address. An unprivileged user could call procctl(PROC_ASLR_CTL, PROC_ASLR_FORCE_DISABLE) before execve(2) to disable ASLR for a setuid PIE binary, easing exploitation of memory-corruption bugs in that binary. Fixed by clearing the credential setid ASLR flags before the load base is chosen. Ports FreeBSD-SA-26:32.elf.
No specific recommendations provided.
Aliases: CVE-2026-49414
Published: June 11, 2026
Last Modified: June 11, 2026
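
The ordering problem described in the summary, as a simplified user-space model. This is an added illustration, not kernel source or the project's patch; every struct, macro and function name below is hypothetical, and the load base is reduced to a "randomized or not" flag.

```c
/* Added illustration: a user-space model of the check ordering, not kernel code.
 * All names are hypothetical. */
#include <stdbool.h>
#include <stdio.h>

#define ASLR_FORCE_DISABLE 0x1u   /* models the preference set through procctl(2) */

struct image {
    unsigned aslr_flags;          /* per-process preference carried into execve(2) */
    bool     setid;               /* image is setuid/setgid */
};

/* The PIE base is randomized unless the preference flag says otherwise. */
static bool base_is_randomized(const struct image *img)
{
    return (img->aslr_flags & ASLR_FORCE_DISABLE) == 0;
}

/* A setid image must not honor a preference chosen by the unprivileged caller. */
static void clear_setid_prefs(struct image *img)
{
    if (img->setid)
        img->aslr_flags &= ~ASLR_FORCE_DISABLE;
}

/* Ordering before the fix: base computed first, flags cleared afterwards. */
bool activate_before_fix(struct image img)
{
    bool randomized = base_is_randomized(&img);
    clear_setid_prefs(&img);      /* too late, the base is already decided */
    return randomized;
}

/* Ordering after the fix: flags cleared before the base is chosen. */
bool activate_after_fix(struct image img)
{
    clear_setid_prefs(&img);
    return base_is_randomized(&img);
}

int main(void)
{
    struct image suid  = { ASLR_FORCE_DISABLE, true };   /* constructed input */
    struct image plain = { ASLR_FORCE_DISABLE, false };  /* constructed input */
    printf("setid,  before fix: randomized=%d\n", activate_before_fix(suid));
    printf("setid,  after fix:  randomized=%d\n", activate_after_fix(suid));
    printf("plain,  after fix:  randomized=%d\n", activate_after_fix(plain));
    return 0;
}
```

In the model, a non-setid image still honors the caller's preference after the fix; only the setid case changes.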