OpenBSD has a use-after-free allowing local privilege escalation to root

271 points · 144 comments on HN · read original →

Points and comments are a snapshot, not live.

OpenBSD through 7.9 has a use-after-free in sysv_sem.c allowing local privilege escalation to root.

The vulnerability is a context-switch use-after-free after tsleep in sys_semget(). It is assigned CVE-2026-57589 with a CVSS v3.1 base score of 7.4 (HIGH). The issue was found as part of OpenAI's Patch the Planet initiative, using AI models to audit open-source projects. A fix commit is available in the OpenBSD source repository.

What commenters are saying

Commenters note this is a local privilege escalation, not a remote hole, so it does not contradict OpenBSD's long-standing security claim. Some express skepticism about AI-discovered bugs, citing previous false positives. Others point out that OpenBSD's smaller codebase and heavy use of pledge(2) may limit exposure, and that the bug was found by an automated tool rather than manual audit.