CVE-2026-15449 in illumos情報

要約

〜によって MITRE • 2026年07月16日

A time-of-check to time-of-use (TOCTOU) flaw in the illumos data-link pseudo-driver (dld) affects handling of the DLDIOC_GETMACPROP and DLDIOC_SETMACPROP ioctls on /dev/dld. drv_ioc_prop_common() in usr/src/uts/common/io/dld/dld_drv.c copies the dld_ioc_macprop_t ioctl header in once to read its pr_valsize field, sizes and allocates a kernel heap buffer from that value, and then copies the full request in a second time from the same unprivileged user address. A concurrent thread can enlarge pr_valsize between the two copyins, so the second copyin and the subsequent property handling write beyond the end of the undersized allocation and corrupt the kernel heap. An unprivileged local user, including one confined to a non-global zone that owns a datalink, can trigger this to panic the system. The resulting kernel heap corruption may be usable for further compromise.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

責任者

Illumos

予約する

2026年07月10日

モデレーション

承諾済み

エントリ

VDB-379634

EPSS

0.00000

アクティビティ

低い

ソース

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!