OpenBSD has a use-after-free allowing local privilege escalation to root(nvd.nist.gov)
270 points by linggen 23 hours ago | 144 comments
tl;dr: OpenBSD through 7.9 contains a use-after-free vulnerability in sys/kern/sysv_sem.c that enables local privilege escalation to root. The flaw occurs during a context switch after tsleep in sys_semget(). Notably, the referenced disclosure links to OpenAI's "Patch the Planet" initiative, suggesting the bug was discovered via AI-assisted vulnerability research.
HN Discussion:
  • Bug was discovered via OpenAI's Patch The Planet initiative with Trail of Bits
  • ~Finding only one bug reflects OpenBSD's strong security culture and diligence
  • Curious how OpenBSD's security record holds up against AI-driven vulnerability discovery
  • Questioning why this vulnerability isn't listed on OpenBSD's official security page
  • Wondering whether Rust would have prevented this memory safety issue