FreeBSD has addressed seven vulnerabilities that could allow remote code execution with root privileges or local privilege escalation. The fixes shipped in FreeBSD 15.0-RELEASE-p9, 14.4-RELEASE-p5, and 14.3-RELEASE-p14.
One of the vulnerabilities, CVE-2026-45255, affected the bsdinstall installer and bsdconfig: a shell script that lists available wireless networks did not properly escape special characters. An attacker could exploit this to execute shell commands with root privileges on the user's system.
Another vulnerability, CVE-2026-45250, was a stack overflow in the setcred system call caused by incorrect buffer size checking; it allowed a local unprivileged user to execute code with kernel privileges.
A further vulnerability, CVE-2026-45251, was a use-after-free (access to freed memory) in the select and poll system calls. If a file descriptor was closed prematurely, an unprivileged user could exploit it to execute code with kernel privileges.
FreeBSD also fixed CVE-2026-45253, which resulted from inadequate parameter checks in the ptrace system call during the PT_SC_REMOTE operation. This flaw could allow an unprivileged user to execute arbitrary code in the kernel.
These critical vulnerabilities have been patched, and FreeBSD users are urged to update their systems to the fixed patch levels to protect against exploitation.
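To check whether a host is at or above the patched releases named above, the following POSIX sh script is an added example (not from the advisory or the FreeBSD project). It parses version strings in the form printed by the real `freebsd-version` utility (for example `15.0-RELEASE-p8`) and compares the `-pN` patch level against the fixed levels stated in this article; the function names `patch_level`, `base_release`, `fixed_patch_level` and `check_patched` are assumptions of this example. The sample versions in the comments are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the FreeBSD advisory or the FreeBSD project.
# Usage on a FreeBSD host (freebsd-version is the real FreeBSD utility):
#   freebsd-version -kru | while read -r v; do echo "$v: $(check_patched "$v")"; done
# Function names below are assumptions of this example.

# patch_level: print the numeric -pN suffix of a version string (0 if none).
# e.g. "14.3-RELEASE-p14" -> 14, "14.4-RELEASE" -> 0
patch_level() {
    case "$1" in
        *-p[0-9]*) printf '%s\n' "${1##*-p}" ;;
        *)         printf '0\n' ;;
    esac
}

# base_release: print the "X.Y-RELEASE" part, dropping any -pN suffix.
# e.g. "15.0-RELEASE-p8" -> "15.0-RELEASE"
base_release() {
    printf '%s\n' "${1%%-p[0-9]*}"
}

# fixed_patch_level: minimum patch level containing the fixes, per the
# article (15.0-RELEASE-p9, 14.4-RELEASE-p5, 14.3-RELEASE-p14).
# Prints nothing for releases the article does not name.
fixed_patch_level() {
    case "$1" in
        15.0-RELEASE) printf '9\n' ;;
        14.4-RELEASE) printf '5\n' ;;
        14.3-RELEASE) printf '14\n' ;;
        *) ;;
    esac
}

# check_patched: print "patched", "vulnerable" or "unknown" for one version.
check_patched() {
    rel=$(base_release "$1")
    cur=$(patch_level "$1")
    need=$(fixed_patch_level "$rel")
    if [ -z "$need" ]; then
        echo unknown          # e.g. -STABLE or -CURRENT: not covered here
    elif [ "$cur" -ge "$need" ]; then
        echo patched
    else
        echo vulnerable
    fi
}
```

Because three of the four issues described above are kernel bugs, compare the running kernel (`freebsd-version -r`) as well as the installed kernel and userland (`-k`, `-u`): a host whose installed kernel is patched but has not been rebooted is still running the vulnerable code.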