{"id":"CVE-2026-57589","details":"sys/kern/sysv_sem.c in OpenBSD through 7.9 has a use-after-free allowing local privilege escalation to root. This is a context switch use-after-free after tsleep in sys_semget().","modified":"2026-07-15T10:20:26.015843Z","published":"2026-06-25T00:33:04.749Z","database_specific":{"cna_assigner":"mitre","cwe_ids":["CWE-416"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/57xxx/CVE-2026-57589.json","unresolved_ranges":[{"source":"AFFECTED_FIELD","extracted_events":[{"last_affected":"7.9"}]},{"extracted_events":[{"last_affected":"7.9"}],"source":"CPE_FIELD"},{"extracted_events":[{"fixed":"7.9"}],"source":"DESCRIPTION"}]},"references":[{"type":"WEB","url":"https://openai.com/index/patch-the-planet/"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/57xxx/CVE-2026-57589.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-57589"},{"type":"FIX","url":"https://github.com/openbsd/src/commit/1957873d2063db11dab780eca75b5e629d1e838d"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/openbsd/src","events":[{"introduced":"0"},{"fixed":"1957873d2063db11dab780eca75b5e629d1e838d"}],"database_specific":{"source":"REFERENCES"}}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-57589.json","vanir_signatures_modified":"2026-07-15T10:20:26Z","vanir_signatures":[{"target":{"file":"sys/kern/sysv_sem.c","function":"sys_semop"},"deprecated":false,"digest":{"length":4482,"function_hash":"322522058439886595400246179423491947660"},"id":"CVE-2026-57589-4bd71dc1","signature_type":"Function","signature_version":"v1","source":"https://github.com/openbsd/src/commit/1957873d2063db11dab780eca75b5e629d1e838d"},{"target":{"file":"sys/kern/sysv_sem.c","function":"sys___semctl"},"deprecated":false,"digest":{"function_hash":"217848115993372564629184086051722404493","length":4664},"id":"CVE-2026-57589-7ad2f6c9","signature_type":"Function","signature_version":"v1","source":"https://github.com/openbsd/src/commit/1957873d2063db11dab780eca75b5e629d1e838d"},{"deprecated":false,"digest":{"threshold":0.9,"line_hashes":["246977753910152082490402102698964155722","317646096474357844088852743309993275021","87078008400971334680872521007098857679","245007424401256764752822905108390153218","132664982630534295079210702511474876517","21386229908323182952762286090572928792","308740433960641023942030832484508175942","16100528326759486536341803186058009060","320956391631002828313118249876510265745","180494709440810280397140372773418911371","208116393288224367041651189505877664497","22756473304300170012163399562948405167","218182009093330258137907025001823043561","318521321850573865351492640571228660688","10372875205716579673555705696210709162","251987729312266987704704809244029796493","122592137314758518198640335851431656593","224641776587058124473425376049113891228","185999812870521975884777186199052488768","205771741375729781075387064863144796321","270558835633617591286201964366119865728","261231970962812574026781490508862650072","312530304793072823442118065829044242951","125178795847921584783558210789138635769","253234338494914562044213500121670136918","62961884794221227143307212103106410395","304995122179689051970131751154143678625","43398011405793115136336866099903385831","139295941448883808357085991659118641950","110813114980496223574110196470947079153","193085018170152109982160135998286731649","181903387670707269397357327743616158914","284016160273533981094399401372014495383","141181910649809643460195889878087015209","7252866061448483795177254983165965582","295698249843683099370424932521579882509","126224592342021386119421084162464026520","198909776071150735972470243951488290058","265507549754861792132670198633823554555","91824233168372372596429155855237179501","84776879150314264046349720652583204051","263356649969937464589220406694142960963","339166873134930138115929127528943465858","185999812870521975884777186199052488768","205771741375729781075387064863144796321","270558835633617591286201964366119865728","16722493684668916677564837566515899377","215733384204503883099402873649661045754","265105479939586438251309697237965540092","268984645784917287917523401713715944523","104549014838940316009108410493850972252","251055587330579404291670296787820573228","2695888797462626252359375467121586423","218542234021136039081326316591245515231","211514058433747321450048798185580362672","332681078219469989934815608315713885311","120467794564388427281884998589716920996","315434567663645254255952620283585264803","137282847793016849485051008575449854410","284508511261872461995811529019869000412","184897263923493832451962684353464210060","130507065731417997908150871147678863716","116768070323135134087595598607923270257"]},"id":"CVE-2026-57589-a675a916","signature_type":"Line","signature_version":"v1","source":"https://github.com/openbsd/src/commit/1957873d2063db11dab780eca75b5e629d1e838d","target":{"file":"sys/kern/sysv_sem.c"}},{"signature_version":"v1","source":"https://github.com/openbsd/src/commit/1957873d2063db11dab780eca75b5e629d1e838d","target":{"file":"sys/sys/sem.h"},"deprecated":false,"digest":{"threshold":0.9,"line_hashes":["124975675570749997501737053702904081520","207572255187672186130458408232740808367","68760473325506099253748643146440695933","199265464102050638554621294852772951584"]},"id":"CVE-2026-57589-e1be5ffd","signature_type":"Line"},{"signature_type":"Function","signature_version":"v1","source":"https://github.com/openbsd/src/commit/1957873d2063db11dab780eca75b5e629d1e838d","target":{"file":"sys/kern/sysv_sem.c","function":"sys_semget"},"deprecated":false,"digest":{"function_hash":"209250511749157705242263140350830741081","length":2675},"id":"CVE-2026-57589-eea483e8"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}