Security
OpenBSD sysv_sem use-after-free allows local root
- Category: Security
- Status: confirmed
- Sources: NVD
- Summary: CVE-2026-57589 is a use-after-free in
sys/kern/sysv_sem.cin OpenBSD through 7.9 that allows local privilege escalation to root through a context-switch use-after-free aftertsleepinsys_semget(). It is rated CVSS 7.4. NVD published it on 2026-06-24 and references fix commit 1957873d2063, with no patched release named. The item reached the Hacker News front page on 2026-07-08. No active exploitation is reported. The CISA Known Exploited Vulnerabilities catalog is unchanged since 2026-07-07 (version 2026.07.07, count 1635), with no new additions today. - Why it matters: It extends the run of local privilege-escalation disclosures across kernels this month from Linux to OpenBSD, and OpenBSD has no named errata release for it yet.
- Follow-up: Watch for a named OpenBSD errata or release carrying the fix and any backport to 7.9 and earlier.