sys/kern/sysvsem.c in OpenBSD through 7.9 has a use-after-free allowing local privilege escalation to root. This is a context switch use-after-free after tsleep in syssemget().
{
"cna_assigner": "mitre",
"cwe_ids": [
"CWE-416"
],
"unresolved_ranges": [
{
"source": "AFFECTED_FIELD",
"extracted_events": [
{
"last_affected": "7.9"
}
]
},
{
"source": "CPE_FIELD",
"extracted_events": [
{
"last_affected": "7.9"
}
]
},
{
"source": "DESCRIPTION",
"extracted_events": [
{
"fixed": "7.9"
}
]
}
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/57xxx/CVE-2026-57589.json"
}"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-57589.json"
[
{
"id": "CVE-2026-57589-4bd71dc1",
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/openbsd/src/commit/1957873d2063db11dab780eca75b5e629d1e838d",
"deprecated": false,
"digest": {
"function_hash": "322522058439886595400246179423491947660",
"length": 4482.0
},
"target": {
"function": "sys_semop",
"file": "sys/kern/sysv_sem.c"
}
},
{
"id": "CVE-2026-57589-7ad2f6c9",
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/openbsd/src/commit/1957873d2063db11dab780eca75b5e629d1e838d",
"deprecated": false,
"digest": {
"function_hash": "217848115993372564629184086051722404493",
"length": 4664.0
},
"target": {
"function": "sys___semctl",
"file": "sys/kern/sysv_sem.c"
}
},
{
"id": "CVE-2026-57589-a675a916",
"signature_type": "Line",
"signature_version": "v1",
"source": "https://github.com/openbsd/src/commit/1957873d2063db11dab780eca75b5e629d1e838d",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"246977753910152082490402102698964155722",
"317646096474357844088852743309993275021",
"87078008400971334680872521007098857679",
"245007424401256764752822905108390153218",
"132664982630534295079210702511474876517",
"21386229908323182952762286090572928792",
"308740433960641023942030832484508175942",
"16100528326759486536341803186058009060",
"320956391631002828313118249876510265745",
"180494709440810280397140372773418911371",
"208116393288224367041651189505877664497",
"22756473304300170012163399562948405167",
"218182009093330258137907025001823043561",
"318521321850573865351492640571228660688",
"10372875205716579673555705696210709162",
"251987729312266987704704809244029796493",
"122592137314758518198640335851431656593",
"224641776587058124473425376049113891228",
"185999812870521975884777186199052488768",
"205771741375729781075387064863144796321",
"270558835633617591286201964366119865728",
"261231970962812574026781490508862650072",
"312530304793072823442118065829044242951",
"125178795847921584783558210789138635769",
"253234338494914562044213500121670136918",
"62961884794221227143307212103106410395",
"304995122179689051970131751154143678625",
"43398011405793115136336866099903385831",
"139295941448883808357085991659118641950",
"110813114980496223574110196470947079153",
"193085018170152109982160135998286731649",
"181903387670707269397357327743616158914",
"284016160273533981094399401372014495383",
"141181910649809643460195889878087015209",
"7252866061448483795177254983165965582",
"295698249843683099370424932521579882509",
"126224592342021386119421084162464026520",
"198909776071150735972470243951488290058",
"265507549754861792132670198633823554555",
"91824233168372372596429155855237179501",
"84776879150314264046349720652583204051",
"263356649969937464589220406694142960963",
"339166873134930138115929127528943465858",
"185999812870521975884777186199052488768",
"205771741375729781075387064863144796321",
"270558835633617591286201964366119865728",
"16722493684668916677564837566515899377",
"215733384204503883099402873649661045754",
"265105479939586438251309697237965540092",
"268984645784917287917523401713715944523",
"104549014838940316009108410493850972252",
"251055587330579404291670296787820573228",
"2695888797462626252359375467121586423",
"218542234021136039081326316591245515231",
"211514058433747321450048798185580362672",
"332681078219469989934815608315713885311",
"120467794564388427281884998589716920996",
"315434567663645254255952620283585264803",
"137282847793016849485051008575449854410",
"284508511261872461995811529019869000412",
"184897263923493832451962684353464210060",
"130507065731417997908150871147678863716",
"116768070323135134087595598607923270257"
]
},
"target": {
"file": "sys/kern/sysv_sem.c"
}
},
{
"id": "CVE-2026-57589-e1be5ffd",
"signature_type": "Line",
"signature_version": "v1",
"source": "https://github.com/openbsd/src/commit/1957873d2063db11dab780eca75b5e629d1e838d",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"124975675570749997501737053702904081520",
"207572255187672186130458408232740808367",
"68760473325506099253748643146440695933",
"199265464102050638554621294852772951584"
]
},
"target": {
"file": "sys/sys/sem.h"
}
},
{
"id": "CVE-2026-57589-eea483e8",
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/openbsd/src/commit/1957873d2063db11dab780eca75b5e629d1e838d",
"deprecated": false,
"digest": {
"function_hash": "209250511749157705242263140350830741081",
"length": 2675.0
},
"target": {
"function": "sys_semget",
"file": "sys/kern/sysv_sem.c"
}
}
]
"2026-07-15T10:20:26Z"