Out-of-bounds Read in Freebsd
CVE-2026-45258
dsp_mmap_single() validated the requested mapping by checking the sum of the user-supplied offset and length against the buffer size. This addition could overflow, so that a large offset and length wrapped around and passed the check. Th…
Vulnerability class: Buffer Overflow
EPSS: 0.002 (8.9th percentile) — read the EPSS interpretation.
Affected products
- Freebsd — versions 15.0-RELEASE, 14.4-RELEASE, 14.3-RELEASE
Weakness classification (CWE)
References
- secteam@freebsd.org (vendor-advisory)