• Category: Security
  • Status: confirmed
  • Sources: NVD
  • Summary: CVE-2026-57589 is a use-after-free in sys/kern/sysv_sem.c in OpenBSD through 7.9 that allows local privilege escalation to root through a context-switch use-after-free after tsleep in sys_semget(). It is rated CVSS 7.4. NVD published it on 2026-06-24 and references fix commit 1957873d2063, with no patched release named. The item reached the Hacker News front page on 2026-07-08. No active exploitation is reported. The CISA Known Exploited Vulnerabilities catalog is unchanged since 2026-07-07 (version 2026.07.07, count 1635), with no new additions today.
  • Why it matters: It extends the run of local privilege-escalation disclosures across kernels this month from Linux to OpenBSD, and OpenBSD has no named errata release for it yet.
  • Follow-up: Watch for a named OpenBSD errata or release carrying the fix and any backport to 7.9 and earlier.

Send feedback on this story