OpenBSD has a use-after-free allowing local privilege escalation to root
- Security
- Open Source
- Infrastructure
- AI
The submission points to CVE-2026-57589, a kernel use-after-free in OpenBSD’s SysV semaphore code that affected releases through 7.9 and could be turned into a local privilege escalation to root. Several commenters tied the finding to Patch the Planet, a program where OpenAI models and Trail of Bits are used to hunt for bugs in open source software. That framing set the tone. People did not treat this as proof that OpenBSD is suddenly insecure. They treated it as a useful stress test for a codebase that has spent decades optimizing for simplicity, compartmentalization, and conservative engineering.
Treat this as evidence that AI-assisted review is now good enough to surface exploitable bugs even in security-first codebases, not as evidence that OpenBSD’s model failed. If you run infrastructure software, the practical move is to combine smaller attack surface, compartmentalization, and aggressive auditing rather than betting on any one language or brand of operating system.
-
nvd.nist.gov
- Discuss on HN