Message-ID: <20260521205333._LNHlSaf@steffen%sdaoden.eu>
Date: Thu, 21 May 2026 22:53:33 +0200
From: Steffen Nurpmeso <steffen@...oden.eu>
To: oss-security@...ts.openwall.com
Subject: Re: CVE-2026-45250: FreeBSD setcred(2) stack overflow -> local privilege escalation (FatGid)

Przemyslaw Frasunek wrote in
 <63a2f265-6bbd-4799-b33d-1e9939d5c004@...sunek.com>:
 |A kernel stack buffer overflow exists in the setcred(2) system call
 |introduced in FreeBSD 14.x. The overflow occurs before any privilege
 |check, allowing any unprivileged local user to trigger anything from a
 |kernel panic to full local privilege escalation.
 ...
 | Not affected:
 |   FreeBSD main (silently fixed in commit 000d5b5, 2025-11-27)

You mean 4cd93df95e (2025-11-14), then got fixed by the mentioned
due to some other problem.

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)