CVE-2026-49417
Multiple vulnerabilities in the sound(4) mmap path
Vexday Risk Score
41Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS 7EPSS 0.2%KEV nãoPoC públicaNuclei —Metasploit —Patch referenciado
Lifecycle
10 Jun 2026Public PoC
27 Jun 2026Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
Second, the audio buffer backing a mapping could be freed when the device was closed even though the mapping remained valid. The freed memory could then be reused elsewhere while still accessible through the stale mapping.
The /dev/dsp device nodes are world-accessible by default. On a system with an audio device, either issue allows an unprivileged local user to read and write kernel memory, which can be used to escalate privileges, potentially gaining full control of the affected system. At a minimum, an attacker can crash the kernel, resulting in a Denial of Service (DoS).
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
FreeBSD · FreeBSDpublic PoCs found — 1
githubgithub.com/Yayoi-cs/CVE-2026-49417_1day_LPE_exploit★ 0⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →