What is GHSA-5qv9-q5h2-c748?

GHSA-5qv9-q5h2-c748 is a security advisory published by GitHub Security Advisories with Medium severity. NetBSD prior to commit ec8451e contains a race condition vulnerability in cryptodev_op() within...

Which CVE IDs does GHSA-5qv9-q5h2-c748 cover?

GHSA-5qv9-q5h2-c748 covers the following CVE IDs: CVE-2026-32848. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-5qv9-q5h2-c748?

GHSA-5qv9-q5h2-c748 has a CVSS v3 base score of 4.7, published by GitHub Security Advisories.

GHSA-5qv9-q5h2-c748MediumCVSS 4.7

NetBSD prior to commit ec8451e contains a race condition vulnerability in cryptodev_op() within...

Vendor

GitHub Security Advisories

Published

May 18, 2026

Last Modified

May 18, 2026

🔗 CVE IDs covered (1)

CVE-2026-32848 →

📋 Description

NetBSD prior to commit ec8451e contains a race condition vulnerability in cryptodev_op() within the opencrypto subsystem that allows local attackers to trigger a double-free condition by concurrently issuing CIOCCRYPT operations on the same session identifier on SMP systems. Attackers can exploit mutable per-operation state embedded in the csession struct to corrupt kernel heap memory.

🔗 References (5)

https://nvd.nist.gov/vuln/detail/CVE-2026-32848
https://github.com/NetBSD/src/commit/ec8451efc1565516aba9e7047e1a1a1ce7953a2f
https://nasm.re/posts/uaf_netbsd_crypto
https://www.vulncheck.com/advisories/netbsd-cryptodev-race-condition-double-free-via-cryptodev-op
https://github.com/advisories/GHSA-5qv9-q5h2-c748