
FreeBSD Patches Kernel Security Vulnerabilities

Researchers at Core Security Technologies issued an advisory today on three vulnerabilities affecting the FreeBSD operating system.


FreeBSD is a Unix-like operating system used to power servers, desktops and embedded platforms. According to the advisory from Core Security, several vulnerabilities were spotted in the FreeBSD kernel code that implements the vt console driver, previously known as Newcons, as well as the code that implements Stream Control Transmission Protocol (SCTP) sockets. These issues could enable a local, unprivileged attacker to crash the system, disclose kernel memory containing sensitive information and execute arbitrary code with superuser privileges.

The FreeBSD Project issued fixes for the issues that are available to users who upgrade to FreeBSD 10.1-RELENG or one of the following: stable/10, 10.1-STABLE; releng/10.1, 10.1-RELEASE-p5; releng/10.0, 10.0-RELEASE-p17; stable/9, 9.3-STABLE; releng/9.3, 9.3-RELEASE-p9; stable/8, 8.4-STABLE; releng/8.4, 8.4-RELEASE-p23.

The first vulnerability is a sign conversion error in the vt console when handling the VT_WAITACTIVE ioctl message. The issue can be used by a local unprivileged attacker to make the kernel access an array outside of its boundaries, according to Core Security.

“This sign conversion error will make possible for a local attacker to bypass the subsequent boundary check that tries to ensure that i is not greater than VT_MAXWINDOWS before using it as an index to access the vd->vd_windows array,” the advisory notes. “This flaw can be leveraged by a local attacker to make the kernel access the vd->vd_windows array outside of its boundaries.”
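The bug class the advisory describes can be shown in a small user-space model. This is an added example, not FreeBSD's code or its patch: the value of VT_MAXWINDOWS, the use of slot i - 1, the function names and the sample inputs are assumptions made for illustration.

```c
#include <stdio.h>

#define VT_MAXWINDOWS 12  /* assumed value, chosen for this example */

enum verdict { REJECTED, IN_BOUNDS, OUT_OF_BOUNDS };

/* Report whether an accepted value would index inside the array.
 * As in the quoted check, i == VT_MAXWINDOWS is allowed; this model
 * uses slot i - 1 and treats 0 as "no slot" (both are assumptions). */
static enum verdict would_index(long long i)
{
    if (i == 0)
        return IN_BOUNDS;
    return (i - 1 >= 0 && i - 1 < VT_MAXWINDOWS) ? IN_BOUNDS : OUT_OF_BOUNDS;
}

/* Flawed pattern: the caller's 32-bit value lands in a signed int, so a
 * value with the top bit set becomes negative and passes the upper-bound
 * test. */
static enum verdict check_signed(unsigned int user_value)
{
    int i = (int)user_value;   /* wraps to negative on two's-complement targets */
    if (i > VT_MAXWINDOWS)
        return REJECTED;
    return would_index(i);
}

/* Hardened pattern: keep the value unsigned so one comparison covers
 * both ends of the range. */
static enum verdict check_unsigned(unsigned int user_value)
{
    unsigned int i = user_value;
    if (i > VT_MAXWINDOWS)
        return REJECTED;
    return would_index(i);
}

int main(void)
{
    /* Constructed inputs: a valid slot, one past the limit, top bit set. */
    unsigned int samples[] = { 3u, 13u, 0x80000000u, 0xFFFFFFFFu };
    for (size_t n = 0; n < sizeof samples / sizeof samples[0]; n++)
        printf("%#010x signed=%d unsigned=%d\n", samples[n],
               (int)check_signed(samples[n]), (int)check_unsigned(samples[n]));
    return 0;
}
```

The same review question applies to any index copied from a caller: does the type used in the comparison match the type the caller controls, and is the lower bound tested whenever that type is signed?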

The second bug is a memory corruption issue.

“The FreeBSD kernel is prone to a memory corruption vulnerability when setting the SCTP_SS_VALUE SCTP socket option via the setsockopt system call,” according to the Core Security advisory. “This vulnerability can be leveraged by a local unprivileged attacker to corrupt kernel memory with an arbitrary 16-bit value.”


The final issue is a kernel memory disclosure and corruption issue. According to an advisory released by the FreeBSD Project, the SCTP protocol provides reliable, flow-controlled, two-way transmission of data.

“It is a message oriented protocol and can support the SOCK_STREAM and SOCK_SEQPACKET abstractions,” the Project notes. “SCTP allows the user to choose between multiple scheduling algorithms to optimize the sending behavior of SCTP in scenarios with different requirements.”

“Due to insufficient validation of the SCTP stream ID, which serves as an array index, a local unprivileged attacker can read or write 16-bits of kernel memory,” the FreeBSD advisory continues.
