Flaw in Linuxulator execution of setugid binaries
Summary
| CVE | CVE-2026-49413 |
|---|---|
| State | PUBLISHED |
| Assigner | freebsd |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-06-27 09:16:24 UTC |
| Updated | 2026-06-27 09:16:24 UTC |
| Description | The Linuxulator determined whether a binary was set-user-ID or set-group-ID by checking the P_SUGID process flag. During execve(2), this flag is not yet set at the point where the auxiliary vector is constructed, so AT_SECURE was incorrectly set to zero for set-user-ID and set-group-ID executables. An unprivileged local user can inject a shared library via LD_PRELOAD into a set-user-ID or set-group-ID Linux binary, gaining the privileges of that binary. |
Risk And Classification
Problem Types: CWE-266 | CWE-266 CWE-266: Incorrect Privilege Assignment
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| security.freebsd.org/advisories/FreeBSD-SA-26:30.linux.asc | [email protected] | security.freebsd.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
CNA: Minseong Kim of NSHC Red Alert Labs (en)
There are currently no legacy QID mappings associated with this CVE.