MNBSD-2026-58: Incorrect audit records for ptrace(PT_SC_REMOTE) syscalls (CVE-2026-49426)

Severity: Unknown

Affected Package: kernel/audit

Summary: Incorrect audit records for ptrace(PT_SC_REMOTE) syscalls (CVE-2026-49426)

Description

When auditing a system call executed via ptrace(PT_SC_REMOTE), the MidnightBSD kernel passed the return value of an internal setup function to AUDIT_SYSCALL_EXIT() instead of the actual result of the executed system call. 1. Return of wrong status code in audit (CWE-393, CVE-2026-49426) - committed audit records for remotely executed system calls that failed incorrectly indicated success. An attacker able to debug a process could produce misleading audit trails, potentially undermining audit-based intrusion detection. Systems that do not use audit(4) are not affected.

Affected Versions

kernel/audit

Recommendations

No specific recommendations provided.

References

Additional Information

Aliases: CVE-2026-49426

Published: July 01, 2026
Last Modified: July 01, 2026