CVE-2026-57589

Source
https://cve.org/CVERecord?id=CVE-2026-57589
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-57589.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-57589
Published
2026-06-25T00:33:04.749Z
Modified
2026-07-15T10:20:26.015843Z
Severity
  • 7.4 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

sys/kern/sysvsem.c in OpenBSD through 7.9 has a use-after-free allowing local privilege escalation to root. This is a context switch use-after-free after tsleep in syssemget().

Database specific
{
    "cna_assigner": "mitre",
    "cwe_ids": [
        "CWE-416"
    ],
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "last_affected": "7.9"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "7.9"
                }
            ]
        },
        {
            "source": "DESCRIPTION",
            "extracted_events": [
                {
                    "fixed": "7.9"
                }
            ]
        }
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/57xxx/CVE-2026-57589.json"
}
References

Affected packages

Git / github.com/openbsd/src

Affected ranges

Type
GIT
Repo
https://github.com/openbsd/src
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": "REFERENCES"
}

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-57589.json"
vanir_signatures
[
    {
        "id": "CVE-2026-57589-4bd71dc1",
        "signature_type": "Function",
        "signature_version": "v1",
        "source": "https://github.com/openbsd/src/commit/1957873d2063db11dab780eca75b5e629d1e838d",
        "deprecated": false,
        "digest": {
            "function_hash": "322522058439886595400246179423491947660",
            "length": 4482.0
        },
        "target": {
            "function": "sys_semop",
            "file": "sys/kern/sysv_sem.c"
        }
    },
    {
        "id": "CVE-2026-57589-7ad2f6c9",
        "signature_type": "Function",
        "signature_version": "v1",
        "source": "https://github.com/openbsd/src/commit/1957873d2063db11dab780eca75b5e629d1e838d",
        "deprecated": false,
        "digest": {
            "function_hash": "217848115993372564629184086051722404493",
            "length": 4664.0
        },
        "target": {
            "function": "sys___semctl",
            "file": "sys/kern/sysv_sem.c"
        }
    },
    {
        "id": "CVE-2026-57589-a675a916",
        "signature_type": "Line",
        "signature_version": "v1",
        "source": "https://github.com/openbsd/src/commit/1957873d2063db11dab780eca75b5e629d1e838d",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "246977753910152082490402102698964155722",
                "317646096474357844088852743309993275021",
                "87078008400971334680872521007098857679",
                "245007424401256764752822905108390153218",
                "132664982630534295079210702511474876517",
                "21386229908323182952762286090572928792",
                "308740433960641023942030832484508175942",
                "16100528326759486536341803186058009060",
                "320956391631002828313118249876510265745",
                "180494709440810280397140372773418911371",
                "208116393288224367041651189505877664497",
                "22756473304300170012163399562948405167",
                "218182009093330258137907025001823043561",
                "318521321850573865351492640571228660688",
                "10372875205716579673555705696210709162",
                "251987729312266987704704809244029796493",
                "122592137314758518198640335851431656593",
                "224641776587058124473425376049113891228",
                "185999812870521975884777186199052488768",
                "205771741375729781075387064863144796321",
                "270558835633617591286201964366119865728",
                "261231970962812574026781490508862650072",
                "312530304793072823442118065829044242951",
                "125178795847921584783558210789138635769",
                "253234338494914562044213500121670136918",
                "62961884794221227143307212103106410395",
                "304995122179689051970131751154143678625",
                "43398011405793115136336866099903385831",
                "139295941448883808357085991659118641950",
                "110813114980496223574110196470947079153",
                "193085018170152109982160135998286731649",
                "181903387670707269397357327743616158914",
                "284016160273533981094399401372014495383",
                "141181910649809643460195889878087015209",
                "7252866061448483795177254983165965582",
                "295698249843683099370424932521579882509",
                "126224592342021386119421084162464026520",
                "198909776071150735972470243951488290058",
                "265507549754861792132670198633823554555",
                "91824233168372372596429155855237179501",
                "84776879150314264046349720652583204051",
                "263356649969937464589220406694142960963",
                "339166873134930138115929127528943465858",
                "185999812870521975884777186199052488768",
                "205771741375729781075387064863144796321",
                "270558835633617591286201964366119865728",
                "16722493684668916677564837566515899377",
                "215733384204503883099402873649661045754",
                "265105479939586438251309697237965540092",
                "268984645784917287917523401713715944523",
                "104549014838940316009108410493850972252",
                "251055587330579404291670296787820573228",
                "2695888797462626252359375467121586423",
                "218542234021136039081326316591245515231",
                "211514058433747321450048798185580362672",
                "332681078219469989934815608315713885311",
                "120467794564388427281884998589716920996",
                "315434567663645254255952620283585264803",
                "137282847793016849485051008575449854410",
                "284508511261872461995811529019869000412",
                "184897263923493832451962684353464210060",
                "130507065731417997908150871147678863716",
                "116768070323135134087595598607923270257"
            ]
        },
        "target": {
            "file": "sys/kern/sysv_sem.c"
        }
    },
    {
        "id": "CVE-2026-57589-e1be5ffd",
        "signature_type": "Line",
        "signature_version": "v1",
        "source": "https://github.com/openbsd/src/commit/1957873d2063db11dab780eca75b5e629d1e838d",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "124975675570749997501737053702904081520",
                "207572255187672186130458408232740808367",
                "68760473325506099253748643146440695933",
                "199265464102050638554621294852772951584"
            ]
        },
        "target": {
            "file": "sys/sys/sem.h"
        }
    },
    {
        "id": "CVE-2026-57589-eea483e8",
        "signature_type": "Function",
        "signature_version": "v1",
        "source": "https://github.com/openbsd/src/commit/1957873d2063db11dab780eca75b5e629d1e838d",
        "deprecated": false,
        "digest": {
            "function_hash": "209250511749157705242263140350830741081",
            "length": 2675.0
        },
        "target": {
            "function": "sys_semget",
            "file": "sys/kern/sysv_sem.c"
        }
    }
]
vanir_signatures_modified
"2026-07-15T10:20:26Z"