Severity: Unknown
Affected Package: kernel
Summary: sound(4) mmap buffer lifetime use-after-free
The sound(4) mmap path did not hold references on the DSP cdev and sound buffer for the lifetime of the mapping, allowing a use-after-free of the sound buffer. Fixed by holding references for the lifetime of the mapping. Ports the FreeBSD sound(4) mmap security fix.
No specific recommendations provided.
Aliases: CVE-2026-45258
Published: June 11, 2026
Last Modified: June 11, 2026