CVE-2026-6386: Kernel Privilege Escalation in FreeBSD
Platform
linux
Component
freebsd
Fixed in
p6
p2
p11
p12
CVE-2026-6386 is a privilege escalation vulnerability discovered in the FreeBSD Kernel. This flaw allows an unprivileged user to manipulate memory mappings, potentially leading to arbitrary code execution and complete system compromise. The vulnerability affects FreeBSD Kernel version 13.5-RELEASE–p12, and a patch is available in version p12.
Impact and Attack Scenarios
The vulnerability stems from an error in how the kernel handles largepage mappings created with shmcreatelargepage(3). Specifically, the pmappkruupdate_range() function incorrectly treats userspace memory as a page table page. This misinterpretation allows an attacker to overwrite memory locations that would normally be inaccessible, effectively bypassing memory protection mechanisms. Successful exploitation could grant an attacker root privileges, enabling them to install malware, steal sensitive data, or completely control the affected system. The potential impact is significant, particularly in multi-user environments where an attacker could compromise other user accounts.
Exploitation Context
CVE-2026-6386 was publicly disclosed on 2026-04-22. Currently, there are no publicly available proof-of-concept exploits. The EPSS score is pending evaluation. It is not currently listed on the CISA KEV catalog.
Threat Intelligence
Exploit Status
EPSS
0.02% (4% percentile)
Affected Software
Weakness Classification (CWE)
Timeline
- Reserved
- Published
- EPSS updated
Mitigation and Workarounds
The primary mitigation is to upgrade to FreeBSD Kernel 13.5-RELEASE–p12, which contains the fix for this vulnerability. If an immediate upgrade is not feasible, consider implementing temporary workarounds such as restricting access to the shmcreatelargepage(3) interface. Monitoring system logs for unusual memory access patterns can also help detect potential exploitation attempts. After upgrading, confirm the fix by attempting to reproduce the vulnerability using known exploit techniques and verifying that the memory protection mechanisms are functioning as expected.
How to fix
Upgrade to FreeBSD 15.0-RELEASE-p6, 14.4-RELEASE-p2, 14.3-RELEASE-p11 or 13.5-RELEASE-p12 to mitigate the vulnerability. The update corrects an error in large page handling, preventing memory overwrites in userspace.
CVE Security Newsletter
Vulnerability analysis and critical alerts directly to your inbox.
Frequently asked questions
What is CVE-2026-6386 — Kernel Privilege Escalation in FreeBSD?
CVE-2026-6386 is a vulnerability in FreeBSD Kernel 13.5-RELEASE–p12 that allows an unprivileged user to potentially gain elevated privileges by manipulating memory mappings.
Am I affected by CVE-2026-6386 in FreeBSD?
If you are running FreeBSD Kernel 13.5-RELEASE–p12, you are potentially affected by this vulnerability. Upgrade to p12 to mitigate the risk.
How do I fix CVE-2026-6386 in FreeBSD?
The recommended fix is to upgrade to FreeBSD Kernel 13.5-RELEASE–p12. This version includes a patch that addresses the vulnerability.
Is CVE-2026-6386 being actively exploited?
As of the current disclosure date, there are no confirmed reports of active exploitation of CVE-2026-6386.
Where can I find the official FreeBSD advisory for CVE-2026-6386?
Please refer to the official FreeBSD security advisories for the most up-to-date information and announcements regarding CVE-2026-6386.
Is your project affected?
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.