An unprivileged local user can disable ASLR for a setuid PIE binary by calling procctl(2) before execve(2). This makes exploitation of any separate memory corruption vulnerability in that binary significantly easier.
Analysis
Analysis and contextual insights are available on OpenCVE Cloud.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| FreeBSD | FreeBSD | unknown |
|
No data.
No data.
No data available yet.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Sat, 27 Jun 2026 10:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The ELF image activator cleared per-process ASLR preference flags for setuid binaries after the code that computes the PIE base address, rather than before. As a result, a user-requested ASLR disable was still in effect at the point where the base address was chosen. An unprivileged local user can disable ASLR for a setuid PIE binary by calling procctl(2) before execve(2). This makes exploitation of any separate memory corruption vulnerability in that binary significantly easier. | |
| Title | ASLR bypass for setuid executables via procctl(2) | |
| Weaknesses | CWE-179 | |
| References |
|
Subscriptions
No data.
MITRE
Status: PUBLISHED
Assigner: freebsd
Published:
Updated: 2026-06-27T09:22:23.307Z
Reserved: 2026-05-29T20:24:28.615Z
Link: CVE-2026-49414
Vulnrichment
No data.
NVD
No data.
Redhat
No data.
OpenCVE Enrichment
Updated: 2026-06-27T11:30:15Z