CVE-2026-32848: Double Free in NetBSD src
CVE-2026-32848 is a race condition vulnerability in the NetBSD opencrypto subsystem prior to commit ec8451e. It allows local attackers on SMP systems to trigger a double-free condition by concurrently issuing CIOCCRYPT operations on the same session identifier. This can lead to kernel heap memory corruption due to mutable per-operation state in the csession struct. The vulnerability has a medium severity with a CVSS score of 5. 7. No known exploits are reported in the wild, and no official patch or remediation guidance is currently available.
AI Analysis
Technical Summary
This vulnerability exists in the cryptodev_op() function within the opencrypto subsystem of NetBSD before commit ec8451e. A race condition allows local attackers with low privileges to concurrently issue CIOCCRYPT operations on the same session identifier on symmetric multiprocessing (SMP) systems. This concurrency leads to a double-free condition by corrupting mutable per-operation state embedded in the csession struct, resulting in kernel heap memory corruption. The CVSS 4.0 vector indicates local attack vector, high attack complexity, no user interaction, and high impact on availability.
Potential Impact
Successful exploitation can cause kernel heap memory corruption, potentially leading to system instability or denial of service. The vulnerability requires local access and concurrent operations on SMP systems, limiting the attack surface. There are no reports of exploitation in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the NetBSD vendor advisory for current remediation guidance. Until an official fix is released, avoid concurrent CIOCCRYPT operations on the same session identifier on SMP systems if possible.
CVE-2026-32848: Double Free in NetBSD src
Description
CVE-2026-32848 is a race condition vulnerability in the NetBSD opencrypto subsystem prior to commit ec8451e. It allows local attackers on SMP systems to trigger a double-free condition by concurrently issuing CIOCCRYPT operations on the same session identifier. This can lead to kernel heap memory corruption due to mutable per-operation state in the csession struct. The vulnerability has a medium severity with a CVSS score of 5. 7. No known exploits are reported in the wild, and no official patch or remediation guidance is currently available.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability exists in the cryptodev_op() function within the opencrypto subsystem of NetBSD before commit ec8451e. A race condition allows local attackers with low privileges to concurrently issue CIOCCRYPT operations on the same session identifier on symmetric multiprocessing (SMP) systems. This concurrency leads to a double-free condition by corrupting mutable per-operation state embedded in the csession struct, resulting in kernel heap memory corruption. The CVSS 4.0 vector indicates local attack vector, high attack complexity, no user interaction, and high impact on availability.
Potential Impact
Successful exploitation can cause kernel heap memory corruption, potentially leading to system instability or denial of service. The vulnerability requires local access and concurrent operations on SMP systems, limiting the attack surface. There are no reports of exploitation in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the NetBSD vendor advisory for current remediation guidance. Until an official fix is released, avoid concurrent CIOCCRYPT operations on the same session identifier on SMP systems if possible.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulnCheck
- Date Reserved
- 2026-03-16T18:11:41.758Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a0b58bcec166c07b0df8a13
Added to database: 5/18/2026, 6:21:48 PM
Last enriched: 5/18/2026, 6:36:45 PM
Last updated: 5/18/2026, 7:49:18 PM
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.