CVE-2026-32848
Description
NetBSD prior to commit ec8451e contains a race condition vulnerability in cryptodev_op() within the opencrypto subsystem that allows local attackers to trigger a double-free condition by concurrently issuing CIOCCRYPT operations on the same session identifier on SMP systems. Attackers can exploit mutable per-operation state embedded in the csession struct to corrupt kernel heap memory.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A race condition in NetBSD's opencrypto subsystem allows local attackers to trigger a double-free via concurrent CIOCCRYPT operations on the same session.
Vulnerability
A race condition exists in cryptodev_op() in the opencrypto subsystem of NetBSD prior to commit ec8451e. State that belongs to a single in-flight operation is kept in the csession struct, which is shared by every request issued against that session identifier, and the subsystem's global mutex is released before the operation has completed. On an SMP system a local attacker can therefore run CIOCCRYPT operations concurrently on the same session identifier so that two requests manipulate, and ultimately free, the same state: a double free (CWE-415) reached through a race condition (CWE-362). All NetBSD versions before the fix are affected [1][3].
Exploitation
The attacker needs local access and the ability to run concurrent threads or processes on an SMP system. They open /dev/crypto, create a session, and then issue several CIOCCRYPT ioctl calls against that session ID at the same time. Because the mutex is dropped while an operation is still executing, the per-operation state held in the session can be released twice: either by two CIOCCRYPT requests whose completions overlap, or by a CIOCFSESSION teardown that lands in the window while a CIOCCRYPT is still in flight. Either interleaving frees the same memory twice and corrupts the kernel heap [1].
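The two interleavings described above, modelled in user-space C as an added illustration (this is not NetBSD code and not the change in commit ec8451e). A small tracking pool stands in for the kernel heap so that a second free of the same block is counted rather than crashing the process, `lock()`/`unlock()` mark where the global mutex is held, and control is handed to the "other CPU" only at points where the mutex is not held. The names `csession_vuln`, `crypto_buf`, `cryptop` and the reference-counted teardown in the hardened variant are assumptions made for the illustration; the hardened variant shows one standard remedy (operation state owned by the operation, session pinned by a reference while an operation is in flight), not necessarily what the fix does.

```c
#include <assert.h>
#include <stdbool.h>
#include <string.h>

/* Stand-in for the kernel heap: a fixed pool with tracked frees, so a second
 * free of the same block is counted instead of corrupting anything. */
#define NSLOTS 8
static unsigned char pool[NSLOTS][64];
static bool live[NSLOTS];
static int double_frees;
static void *kalloc(void) {
    for (int i = 0; i < NSLOTS; i++)
        if (!live[i]) { live[i] = true; memset(pool[i], 0, 64); return pool[i]; }
    return NULL;
}
static void kfree(void *p) {
    for (int i = 0; i < NSLOTS; i++)
        if (p == pool[i]) { if (!live[i]) double_frees++; live[i] = false; }
}
static void reset(void) { memset(live, 0, sizeof live); double_frees = 0; }
int blocks_live(void) { int n = 0; for (int i = 0; i < NSLOTS; i++) n += live[i]; return n; }

/* The subsystem's single global mutex. The scenarios hand control to the other
 * CPU only while it is NOT held; that unlocked window is the race. */
static bool locked;
static void lock(void) { assert(!locked); locked = true; }
static void unlock(void) { locked = false; }
static void other_cpu_runs(void) { assert(!locked); }

/* Vulnerable shape (assumed names): the op's scratch-buffer pointer lives in the
 * shared csession, and the mutex is dropped between begin and finish. */
struct csession_vuln { void *crypto_buf; };
static void op_begin_vuln(struct csession_vuln *cs) { lock(); cs->crypto_buf = kalloc(); unlock(); }
static void op_finish_vuln(struct csession_vuln *cs) { lock(); kfree(cs->crypto_buf); unlock(); } /* frees whatever the session points at NOW */
static void csefree_vuln(struct csession_vuln *cs) { lock(); kfree(cs->crypto_buf); kfree(cs); unlock(); } /* CIOCFSESSION */

/* Hardened shape (illustrative, not the NetBSD patch): op state is owned by the
 * operation, and the session is pinned by a reference count while ops run. */
struct csession_fixed { int refs; bool dying; };
struct cryptop { struct csession_fixed *cs; void *buf; };
static bool op_begin_fixed(struct csession_fixed *cs, struct cryptop *op) {
    lock();
    if (cs->dying) { unlock(); return false; }   /* session already torn down */
    cs->refs++;                                   /* keep it alive across the window */
    unlock();
    op->cs = cs; op->buf = kalloc();              /* buffer is private to this op */
    return true;
}
static void op_finish_fixed(struct cryptop *op) {
    kfree(op->buf); op->buf = NULL;
    lock(); if (--op->cs->refs == 0 && op->cs->dying) kfree(op->cs); unlock(); /* last user frees it */
}
static void csefree_fixed(struct csession_fixed *cs) {
    lock(); cs->dying = true; if (cs->refs == 0) kfree(cs); unlock();  /* else in-flight op frees it */
}

/* The two interleavings the advisory describes; each returns the double-free count. */
int vuln_two_ciocrypt(void) {
    reset();
    struct csession_vuln *cs = kalloc();
    op_begin_vuln(cs);  other_cpu_runs();
    op_begin_vuln(cs);  other_cpu_runs();   /* CPU1 overwrites CPU0's pointer */
    op_finish_vuln(cs); other_cpu_runs();   /* CPU0 frees CPU1's buffer ...   */
    op_finish_vuln(cs);                     /* ... and CPU1 frees it again     */
    return double_frees;
}
int vuln_ciocrypt_vs_fsession(void) {
    reset();
    struct csession_vuln *cs = kalloc();
    op_begin_vuln(cs);  other_cpu_runs();
    csefree_vuln(cs);   other_cpu_runs();   /* CIOCFSESSION frees buffer + session */
    op_finish_vuln(cs);                     /* reads freed session, frees buffer again */
    return double_frees;
}
int fixed_two_ciocrypt(void) {
    reset();
    struct csession_fixed *cs = kalloc(); struct cryptop a, b;
    op_begin_fixed(cs, &a); other_cpu_runs();
    op_begin_fixed(cs, &b); other_cpu_runs();
    op_finish_fixed(&a);    other_cpu_runs();
    op_finish_fixed(&b);    csefree_fixed(cs);
    return double_frees;
}
int fixed_ciocrypt_vs_fsession(void) {
    reset();
    struct csession_fixed *cs = kalloc(); struct cryptop a;
    op_begin_fixed(cs, &a); other_cpu_runs();
    csefree_fixed(cs);      other_cpu_runs();   /* deferred: an op still holds a ref */
    op_finish_fixed(&a);                        /* drops last ref, frees session once */
    return double_frees;
}
```

The vulnerable scenarios each report one double free, the hardened ones none and no leaked blocks. The point to take from the model is structural: any field of a shared session that is written by one request and freed by another is a double-free candidate the moment the lock protecting it is dropped mid-request, regardless of how fast the operations themselves are.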
Impact
Successful exploitation corrupts the kernel heap. The most likely outcome is a kernel panic (denial of service); depending on allocator state and heap layout, a double free can also be turned into arbitrary code execution in kernel context, and therefore privilege escalation for the local attacker [1][3].
Mitigation
The fix is NetBSD commit ec8451e (2026-04-29); update to a build that includes it. No workaround is documented, and the issue is not listed in the CISA KEV catalog. Where patching is not immediately possible, note that the attack requires running code locally and opening /dev/crypto, so limiting local access to trusted users reduces exposure [2].
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 2
Patches: 0
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References: 3
News mentions: 0
No linked articles in our index yet.