MNBSD-2026-27: sound(4) mmap buffer lifetime use-after-free

Severity: Unknown

Affected Package: kernel

Summary: sound(4) mmap buffer lifetime use-after-free

Description

The sound(4) mmap path did not hold references on the DSP cdev and sound buffer for the lifetime of the mapping, allowing a use-after-free of the sound buffer. Fixed by holding references for the lifetime of the mapping. Ports the FreeBSD sound(4) mmap security fix.

Affected Versions

kernel

Recommendations

No specific recommendations provided.

References

Additional Information

Aliases: CVE-2026-45258

Published: June 11, 2026
Last Modified: June 11, 2026