I am frequently asked what exactly it is that I do. The short answer: I develop software and administrate systems, mainly those under FreeBSD. The longer answer is this post.
My occupation moves in between software development, infrastructure and system architecture. I help with constructing systems or stabilizing them in order for them to work long-term – technically sound, comprehensible and maintainable.
Software Development: Quality instead of quantity
In my blog articles about software development I wrote a lot about what goes wrong in companies: Unreadable code, missing architecture, technical debts that no one touches anymore, and the focus on processes instead of the product itself. This is no abstract critique, but things that I, over the course of many years in different companies, experienced up close and personal.
The result is what I offer: Clean, comprehensible and maintainable software. Code that can still be understood by someone in five years. I have acquired a lot of experience in different programming languages – from system-oriented programming up to complex GUI-Applications with Qt and wxWidgets. Databases (especially PostgreSQL) as well as client-server architecture and network programming are also included.
If you manage a project that went off the rails, which was developed by one singular person and that no one can make sense of now or if you are in the desperate need of a new architecture- then I am the right person to turn to.
FreeBSD has been with me since Version 4, which means since over two decades. My own servers run on it, I have experience with ZFS with RAIDz, FreeBSD-Jails, Bhyve, pf, CARP, HAST and the common network services (DNS, DHCP, NTP, NFS, Samba, LDAP and others) because of daily practice – not only through documentation.
What I solve and what I offer: You need a stable, secure server or a scalable server infrastructure under FreeBSD? You want to isolate services in Jails? You manage a running system that is in need of care or extension, expansion or add-ons? Or you stand before a specific problem that seems without solution? I am fairly acquainted with such situations – and in finding pragmatic solutions.
For companies
If you are reading this in the interest of a company: I merge software development with system administration. I am no specialist who tweaks only one screw but someone who understands systems as a whole. I have worked in companies were both were of importance and I know of the relevance of development and infrastructure fitting together to paint the whole picture.
I appreciate a corporate culture in which mistakes are understood as a learning opportunity, skills are used sensibly and where the product is the main focus – not the management of tickets. If you share these views, we should talk: thorsten@tgeppert.de.
Date: July 13, 2026 Period: Monday, July 6 – Sunday, July 12, 2026
Security: 13 Advisories Released June 30
The biggest security news of the past two weeks landed on June 30, when FreeBSD published 13 security advisories (SA-26:37 through SA-26:49) addressing multiple critical vulnerabilities. Key highlights:
SA-26:40.zfs – OpenZFS Vulnerabilities (CVE-2026-49429, CVE-2026-49430): Input controls truncate 64-bit buffer sizes to 32-bit integers during memory allocation but use the original 64-bit size for memory writes. This size mismatch triggers kernel heap overflows. Systems using ZFS delegation features are at highest risk.
SA-26:41.libalias – Buffer Overflow in RTSP Handler (CVE-2026-49420): The libalias RTSP handler writes rewritten packets into a fixed-length stack buffer without checking whether the data actually fits. A remote attacker could use crafted RTSP traffic to take over a NAT gateway.
SA-26:43.tcp – Use-After-Free in TCP RACK Stack (CVE-2026-49422): The option handler drops a connection lock to copy user data from userspace, then reacquires it but fails to reload a stale pointer. Rapidly switching stacks during this window leaves a dangling memory reference.
SA-26:44.posixshm – POSIX Largepage Object Vulnerabilities: The system frees underlying memory pages when sendfileis used with a specific flag, while active mappings still reference the freed memory. Local attackers can access freed kernel memory.
SA-26:46.ktls – Remote DOS via Uninitialized Memory in KTLS Receive: Another KTLS vulnerability (following CVE-2026-45257, which enabled local root access). The receive path accesses uninitialized memory, which can cause a crash.
SA-26:48.compat32 – Heap Disclosure in compat32 kevent() Handler: The 32-bit compatibility kevent handler can expose uninitialized kernel memory to user processes.
SA-26:49.iconv – Multiple Vulnerabilities in iconv(3)
All advisories affect FreeBSD 14.x and 15.x. Administrators should update their systems promptly. Systems not loading specific modules are partially unaffected; workarounds include disabling libalias, unloading the TCP RACK module, and restricting unprivileged ZFS access.
In the Source Tree: Developer Commits This Week
On the main branch (FreeBSD 16-CURRENT), several notable commits landed:
pf: revert netlink commands back to enum (Gleb Smirnoff): The pf netlink interface was refactored; commands were changed from macros back to an enum format for better maintainability.
libc/resolv: Refactor the option parser (Dag-Erling Smørgrav): The resolver option parser was overhauled, dead code removed, and style cleaned up.
libsysdecode: Teach mktables to handle enums (Dag-Erling Smørgrav): The table generation tool can now process enum values.
inotify.2: Fix formatting and lint (Mark Johnston): The inotify manpage received formatting fixes.
pdfork.2: grammar (Konstantin Belousov): A small but clean documentation improvement.
D56976: Fix heap disclosure in compat7 kern.proc.filedesc sysctl (emaste): A Phabricator review closing a memory leak bug in compatibility code.
In the ports tree: – www/deno: Improve port (VVD, delphij): The Deno port received dependency fixes, PREFIX/LOCALBASE cleanup, and three patch correctness bugs were fixed.
Blog Posts and Community Contributions
“Moving to FreeBSD from Linux” (Kuon, July 2)
A long-time Mac OS and later Linux user (10 years of Arch Linux with Sway/Wayland) describes their switch to FreeBSD as a daily driver. After a Linux kernel update broke their keyboard, they installed FreeBSD and have been happy for 6 months. Missing pieces: OBS browser source and AnyDesk/RustDesk (workaround: VM). Their verdict: “It works.” and the community has been very welcoming.
“Why FreeBSD Appears to Eat Your RAM (and Why It Doesn’t Matter)” (SourceFeed, July 4)
An excellent technical deep-dive into FreeBSD memory management. It explains why btop and fastfetch report wildly different memory usage on the same system (btop treats wired memory as “used,” fastfetch counts inactive+cache as “free”). The article covers page queues (Active, Inactive, Laundry, Wired, Free) and ZFS ARC — and why nearly free memory on a healthy FreeBSD system trends toward zero (by design).
“Upgrading FreeBSD 15.0 to 15.1: The Official Paths” (Larvitz Blog)
A detailed guide for upgrading from 15.0-RELEASE to 15.1-RELEASE via both official paths: freebsd-update (distribution-set) and pkg (packaged-base). Particularly useful: the pkg which /usr/bin/uname distinction, the boot-loader update sequence, and the note about the June 30 errata. Updated on July 2 with the correct boot-loader procedure.
A guide to installing and setting up a GitLab server on FreeBSD. Compares GitLab with Gitea as on-premises alternatives to GitHub. Includes notes on Nginx, ZFS, and GELI-encrypted VMs.
“Review: FreeBSD 15.1 with an install-time desktop” (Tux Machines, July 6)
A review of the new desktop installation option in FreeBSD 15.1, which lets you set up KDE directly during installation. FreeBSD 15.1 also received improved WiFi support (Linux 7.0 WLAN drivers) and a boot-time scheduler switch.
“FreeBSD Foundationals: The Boot Process” (Larvitz Blog)
Third installment of a FreeBSD fundamentals series: from the loader through kernel boot to boot environments. Ideal for newcomers wanting to understand how FreeBSD starts up.
Interview: FreeBSD Core Team Contributor 2026 (freebsd-howto.com)
An in-depth two-hour interview with Marcus Hellberg, kernel engineer and core team member. Topics include the 14.x consolidation cycle, the WITHOUTASLR removal (ASLR is now non-optional), OpenZFS synchronization practices, and the jails roadmap. Notable quote on the ASLR debate: *”Removing WITHOUTASLR was a statement: this is not optional anymore.”* On the future of jails: standardized image formats and better orchestration tooling are on the wish list.
FreeBSD 15.1-RELEASE was announced on June 16, 2026. In the weeks following, upgrade guides and first-hand reports dominated the community. Key new features in 15.1:
WiFi drivers from Linux 7.0 (iwlwifi and others)
Boot-time CPU scheduler switch (no longer compile-time only)
KDE desktop installation option in the installer
Improved laptop support (suspend/resume, better WiFi)
C23 compiler support in the standard toolchain
Support timeline: 15.1 is supported until March 31, 2027. 15.0 reaches EOL on September 30, 2026.
Valuable News – July 7, 2026 (vermaden)
The weekly “Valuable News” roundup from vermaden covers: FreeBSD boot process fundamentals, running pkgbasify on FreeBSD 15.1, upgrading from 15.0 to 15.1, and more community topics.
With 13 critical security vulnerabilities patched at the end of June, the most urgent task for all FreeBSD administrators is: update your systems. The 15.0 EOL is approaching (September 30), making an upgrade to 15.1 strongly recommended. Community discussions around desktop experience, memory monitoring, and jails orchestration show that FreeBSD continues to mature as both a workstation and server platform.
This has been one of the most eventful weeks in recent FreeBSD history: a new release, a new Core Team, a graphics driver milestone, and a proposal to overhaul the service manager. Here’s the roundup.
FreeBSD 15.1-RELEASE Is Here
The biggest news of the week: FreeBSD 15.1-RELEASE was announced on June 16 – the second release of the stable/15 branch. The release was originally planned earlier but delayed by two weeks.
Highlights include:
WiFi drivers now based on Linux v7.0 (iwlwifi and other LinuxKPI-based drivers)
Boot-time scheduler selection via kern.sched.name tunable
C23 progress: significant strides toward complete C23 language support
Unicode 17.0.0 with 4,803 new characters and CLDR 48
Cloud images with pkgbase now include pkg(8) and support automatic base system package updates on first boot
OpenZFS 2.4.2 and OpenSSL 3.5.6
Intel LASS support (Linear Address Space Separation) on AMD64
DTrace on 32-bit PowerPC and PowerPC64LE
The release is dedicated to the memory of Peter G. Neumann, a longtime collaborator on capability-based security
The release notes also include numerous base system changes: find(1) now supports -xattr and -xattrname, bectl(8) can create empty boot environments (-E), cron(8) gains full PAM session lifecycle support, and the default root shell has changed from csh to sh.
New Core Team (core.14) Elected
On June 24, the 2026 FreeBSD Core Team election results were announced. The nine elected members of the fourteenth Core Team are:
Warner Losh (imp)
Baptiste Daroussin (bapt)
Gleb Smirnoff (glebius)
Kyle Evans (kevans)
Adrian Chadd (adrian)
Joseph Mingrone (jrm)
Hiroki Sato (hrs)
Adam Weinberger (adamw)
Olivier Cochard (olivier)
A bylaws amendment was also passed, tentatively taking effect with the 2028 election at the new core team’s discretion. The transition plan will be shared soon.
Outgoing core.13 members: Li-Wen Hsu, Allan Jude, Tobias C. Berner, Dave Cottlehuber, and Mathieu Arnold. Dag-Erling Smørgrav ran a flawless election.
Graphics Port Upgraded to Linux 6.12
The FreeBSD Foundation announced on June 16 that the drm-kmod port now includes the Linux 6.12 LTS graphics driver. This update brings:
Better compatibility with modern AMD Radeon and Intel graphics hardware
Improved Wayland compatibility
Enhanced graphics stability and security
Linux 6.12 is a CIP SLTS kernel (Super Long Term Support through 2036)
The update requires FreeBSD 15.1 or later.
FreeBSD 14.3 Reaches End-of-Life
The FreeBSD Security Officer announced on June 20 that FreeBSD 14.3 reaches end-of-life on June 30, 2026, after which it will no longer receive security support. Users should upgrade immediately.
After June 30, the supported branches and releases are:
Branch
Release
Estimated EoL
stable/15
—
December 31, 2029
releng/15.1
15.1-RELEASE
March 31, 2027
releng/15.0
15.0-RELEASE
September 30, 2026
stable/14
—
November 30, 2028
releng/14.4
14.4-RELEASE
December 31, 2026
rcd(8) – A New Service Manager for FreeBSD
On June 14, Baptiste Daroussin opened a discussion on freebsd-hackers about rcd(8), a new service manager daemon he’s been working on for years. The discussion continued throughout this week.
Key features:
Parallel boot via dependency DAG (no more serial rc.d execution)
Process tracking via pdfork(2) descriptors (no PID file races)
Subreaper via procctl(2) (no orphaned process escape)
Socket activation (pre-bound sockets passed via fd inheritance)
Resource control per service via rctl(2)
Service isolation via native jail(2) integration
OOM protection via procctl(2) PROC_SPROTECT
UCL-based unit files (JSON Schema validated)
Embedded Lua interpreter for inline service hooks
Template units for per-instance services (e.g., dhclient@em0)
Safe in-place binary upgrade (SIGUSR1: save state, re-exec)
User interface: rcctl(8), familiar from OpenBSD but with FreeBSD-specific implementation.
100% backward compatibility is a hard requirement. rcd scans existing rc.d scripts, parses their PROVIDE/REQUIRE/BEFORE/KEYWORD headers, reads rc.conf, and wraps each script as a virtual “legacy” unit. The migration path is gradual: rc.d scripts will be converted to native UCL unit files at each maintainer’s pace, with no deadline.
The mailing list discussion was intense, with comparisons to launchd and debates over compatibility, daemon supervision, and the migration path.
OpenZFS Merge and ZFS Improvements
On June 27, the OpenZFS merge (commit d0b3ecd) was integrated into the FreeBSD main branch. The change spans +6,983/-2,497 lines across 161 files, pulling in upstream PRs including #18509.
Additionally, on June 25, zfsd spare selection was improved (commit 6aaaf7b), porting OpenZFS PRs #18597 and #18578 from zed to zfsd. Spare selection now considers optimal spare distribution across pools.
pkgbasify – Making the Switch to pkgbase Easy
On June 24, Dag-Erling Smørgrav (des) published a blog post showing how to convert a FreeBSD 15 system to packaged base (pkgbase) with a single command:
He walks through enabling the FreeBSD-base repository, creating a boot environment, and notes minor issues like pkg leaf not accounting for shared library dependencies.
Praetorian published a detailed blog post on June 17 describing how their team used Claude Opus 4.6 and Claude Code to find eight FreeBSD kernel vulnerabilities – including CVE-2026-3038, a stack overflow enabling jail escapes. This underscores the significance of the FreeBSD Foundation’s AI-assisted Vulnerability Discovery Project, launched June 15 with $250k funding from Alpha Omega.
Security Advisories (9 Advisories, June 9)
While these advisories originated in the previous week, they remain relevant:
Advisory
Module
Topic
SA-26:26.ktls
Kernel
Arbitrary file overwrite via KTLS receive path
SA-26:27.sound
Kernel
Multiple vulnerabilities in sound(4) mmap path
SA-26:29.ip6_multicast
Kernel
Use-after-free in IPV6_MSFILTER socket option
SA-26:30.linux
Kernel
Flaw in Linuxulator execution of setugid binaries
SA-26:31.arm64
Kernel
ARM CPU errata may bypass page table permission changes
SA-26:32.elf
Kernel
ASLR bypass for setuid executables via procctl(2)
SA-26:33.unbound
Contrib
Multiple vulnerabilities in unbound
SA-26:34.vt
Kernel
Integer overflow in vt(4) CONS_HISTORY ioctl
SA-26:35.openssl
Contrib
Multiple vulnerabilities in OpenSSL
SA-26:36.ldns
Contrib
Insufficient response validation in ldns stub resolver
All advisories affect FreeBSD 14.x and 15.x. Users should run freebsd-update immediately.
Other Developments
OFED update (June 24): Various changes from Linux 4.17 merged into the InfiniBand/driver code
ng_socket leak fixed (June 26): Gleb Smirnoff closed a node reference leak in ng_socket
cpufreq format fix (June 25): Fix for incorrect formatting, contributed at the Halifax Hackathon
BSD Now 669 (June 26): Covered native inotify support in FreeBSD and Poudriere optimization
Vermaden’s Valuable News (June 22): Comprehensive weekly roundup with many FreeBSD links
Klara Systems: Articles on native inotify in FreeBSD and ZFS performance without hardware upgrades
Bottom Line
Week 26 was one of the densest in recent memory for FreeBSD: a new major release, a newly elected Core Team, a significant graphics driver jump, the unveiling of a new service manager proposal, and an EoL deadline for 14.3. If you’re still on 14.3, upgrade now – the clock runs out on June 30.
This week belonged to FreeBSD: the 15.1 release, a massive security advisory batch, a new AI-assisted vulnerability project, and the end-of-life announcement for 14.3 — plenty to digest.
FreeBSD 15.1-RELEASE Is Here
The big headline: on June 16, the Release Engineering Team published FreeBSD 15.1-RELEASE. A critical x86 bootloader bug had delayed it by two weeks, but the second release from the stable/15 branch is now available.
Key changes in 15.1
WiFi drivers updated to Linux 6.7/7.0 level: The LinuxKPI-based wireless drivers (iwlwifi and others) have been brought up to the Linux kernel 7.0 level, delivering significantly better compatibility with modern WiFi hardware — especially Intel chipsets and select MediaTek/Realtek devices.
C23 support progresses: The compiler and standard library have made further strides toward full C23 compliance.
Graphics drivers upgraded to Linux 6.12 (LTS): The FreeBSD Foundation announced that the drm-kmod port now includes the Linux 6.12 graphics driver, an LTS kernel with planned maintenance through 2036 (CIP program). This brings better compatibility with current AMD Radeon and Intel GPUs and improved Wayland support. Available for FreeBSD 15.1 onward.
Other notable changes in 15.1:
OpenPAM moved to a separate FreeBSD-pam package (pkgbase)
Zstandard/zstd(1) moved to a separate FreeBSD-zstd package
installworld/installkernel blocked on pkgbase systems to prevent database inconsistencies
Default shell for root and the freebsd user in release images changed from csh(1) to sh(1)
find(1) gains -xattr and -xattrname primaries for searching by extended attributes (sponsored by Klara Systems)
newfs(8) now prevents simultaneous GEOM journaling and soft updates; new -u flag to disable soft updates
bectl(8) new -E flag to create empty boot environments without cloning
zfs clone supports -u to prevent automatic mounting of new datasets
ipfs(8) disabled by default; kernel support now optional
New keyboard layouts: us.intl.acc.kbd and Lenovo laptop keymap for vt(4)
diff3(1) merge mode now GNU-compatible
pwd(1) defaults to -L (logical), following POSIX semantics
On June 15, the FreeBSD Foundation announced the AI-assisted Vulnerability Discovery Project, funded by a $250,000 grant from the Linux Foundation’s Alpha Omega initiative (backed by Anthropic, AWS, GitHub, Google, Microsoft, and OpenAI).
Key points:
Focus initially on the kernel, then userland and ports
AI used for discovery and analysis only; all patches are manually crafted
Netflix, NetApp, and Verisign supporting testing and validation
The project responds to the flood of AI-generated vulnerability reports overwhelming the volunteer security team
Coinciding with this, Praetorian published a detailed blog post about their own AI-powered research: using Claude Code (Opus 4.6), they found eight FreeBSD kernel vulnerabilities in just days, including CVE-2026-3038 (a stack overflow in the route subsystem, already patched in SA-26:05.route). The other seven are still being processed. The post walks through their methodology — from source analysis to crash reproduction to exploit development with jail escape.
FreeBSD 14.3 Reaches End-of-Life
On June 20, the Security Team announced that FreeBSD 14.3 reaches end-of-life on June 30, 2026 — no more security patches after that. Users should upgrade to 14.4 or 15.1. The stable/14 branch will remain maintained until November 2028.
Blog Posts and Community
pkgbasify — converting to packaged base elegantly: Dag-Erling Smørgrav (blog.des.no) describes his approach to converting FreeBSD 15.1 systems from distribution sets to pkgbase with a single pkg install command. He critiques the Foundation’s official pkgbasify script and offers a more direct alternative. If you’ve been meaning to try pkgbase, this is a practical guide.
Native inotify in FreeBSD: Klara Systems published a deep dive into the limitations of EVFILT_VNODE/kqueue for file monitoring and why FreeBSD needs a native inotify implementation. The existing libinotify userspace wrapper suffers from race conditions and scalability issues — the article explains the technical details and proposes solutions.
ZFS Vendor Import: Chris Longros reports that his ZFS commits have been upstreamed into the FreeBSD tree — a small but important milestone for ongoing ZFS maintenance.
In the Source Tree
Selected commits from the past week:
FORTIFY_SOURCE overrides: Kevans implements per-file FORTIFY_SOURCE overrides in the build system — a step toward more robust buffer checks in the base system
rename(2): Kostik Belousov prevents renaming the root vnode of a mounted filesystem (security fix)
renameat(2): Signal check added in retry loops
NFS va_flags fix: Correction for the case where va_flags are being cleared
lsof: Fix for building on 16-CURRENT (malloc.h conflict)
APEI: More information provided on fatal hardware errors
Summary
This week was dominated by the FreeBSD 15.1 release — one that noticeably improves laptop and desktop viability (WiFi, graphics, better suspend/resume). At the same time, the flood of security advisories and the new AI vulnerability project underscore how much the threat landscape is shifting: AI tools are drastically lowering the barrier to vulnerability discovery, and FreeBSD is responding in kind. Anyone still on 14.3 needs to act by June 30 at the latest.
The single most important development this week was the security advisory batch released on June 9, 2026, which brought no fewer than nine advisories — several rated core with critical impact:
The Most Severe Vulnerabilities
SA-26:25.thr – Missing permission check in thr_kill2(2). An unprivileged local user could send signals to arbitrary processes, even across jail boundaries. Discovered by researchers at Tsinghua University using GLM-5.1 (Z.ai) — a notable case of AI-assisted security research. CVE-2026-45256
SA-26:26.ktls – Arbitrary file overwrite via the KTLS receive path. Through KTLS decryption on non-anonymous mbufs (via sendfile(2) + loopback), a local user could overwrite file contents including setuid binaries — achieving full privilege escalation. No workaround available. CVE-2026-45257, category: core.
SA-26:27.sound – Two mmap vulnerabilities in the sound(4) driver (CVE-2026-45258, CVE-2026-49417) allowing unprivileged local users to read/write kernel memory via /dev/dsp, enabling privilege escalation.
SA-26:28.capsicum – sigqueue(2) lacked a Capsicum mode check, allowing sandboxed processes to send signals to other processes, bypassing Capsicum restrictions.
SA-26:30.linux – The Linuxulator incorrectly set AT_SECURE to zero for setuid/setgid Linux binaries. Unprivileged users could inject shared libraries via LD_PRELOAD and escalate privileges.
SA-26:29.ip6_multicast – Vulnerability in IPv6 multicast processing.
SA-26:31.arm64 – Arm CPU errata may bypass page table permission changes. Affected models include numerous Cortex-A/Neoverse chips (A76, A77, A78, A710, X1, X2, X3, X4, N1, N2, V1, and more). No workaround. CVE-2025-10263
Bottom line: Anyone running FreeBSD in production should patch and reboot immediately — the ktls and thr vulnerabilities are particularly critical.
FreeBSD 15.1-RELEASE: Tomorrow, Finally!
After two unplanned release candidates, FreeBSD 15.1-RC3 was published on June 6. The only but critical fix addressed the x86 boot loader / kernel handover: the system could hang during boot, especially when Intel microcode updates were being loaded.
The RELEASE date is now set for June 16, 2026 — tomorrow, barring further delays.
What 15.1 Brings
Highlights from the release notes:
OpenPAM and Zstandard (zstd) moved into separate pkgbase packages
installworld/installkernel blocked on pkgbase systems to prevent package database inconsistencies
Default shell for root and freebsd user: now sh(1) instead of csh(1)
find(1) gains -xattr and -xattrname for extended attribute searches
bectl(8) gains -E flag to create empty boot environments
zfs clone gains -u to prevent automatic mounting
newfs(8) gains -u flag to disable soft updates
daemon(8) supports configurable file modes for log output
diff3(1) now GNU-compatible in merge mode
setaudit(8) added as a new utility for audit policies
ipfs(8) disabled by default, kernel support now optional
DTrace probes support on PowerPC architectures
sched_ule implemented as a scheduler instance
Updated OpenZFS support
Oracle Cloud Infrastructure build targets removed
Graphics Drivers: drm-kmod Updated
On June 10, Jean-Sébastien Pédron (dumbbell) updated the DRM drivers in the Ports tree — commit messages indicate a version bump to Linux 6.12.85 (matching the recently released drm_v6.12.85_2). Anyone needing current Intel/AMD graphics should update their drm-*-kmod packages.
Blog Posts of the Week
“Native inotify in FreeBSD” (Klara Systems)
Klara Systems published an in-depth article on the shortcomings of the userspace inotify implementation (libinotify.so) on FreeBSD. The library translates inotify calls into kqueue/EVFILT_VNODE, which leads to sporadically missing CLOSE events. The article compares the inotify and kqueue APIs and discusses how a native kernel inotify implementation could resolve these reliability issues.
“FreeBSD Jails” (Tom’s IT Cafe, June 5)
Another contribution covering FreeBSD Jails as a container isolation technique — a classic topic that keeps getting refreshed.
Ports & Packages
lang/libobjc2 updated to version 2.3
kf6-*: Portlint fixes across the KDE Framework 6 series
Ports Q2 branch (2026Q2) was created in early April and is active; the next quarterly package update is in preparation
Looking Ahead
June 16: Scheduled RELEASE date for FreeBSD 15.1
Q2 Status Report: The submission deadline for the FreeBSD quarterly status report (April–June) was June 14 — the report should appear in the coming weeks
The massive security batch demonstrates that AI-assisted security research is having real-world impact (GLM-5.1 found the thr_kill2 vulnerability)
A third release candidate for FreeBSD 15.1, critical x86 bootloader bugs, a flood of AI-discovered vulnerabilities, and the Frankfurt hackathon recap – this week was packed for FreeBSD.
FreeBSD 15.1-RC3 Released – Release Pushed to Mid-June
The week’s headline event: Colin Percival announced FreeBSD 15.1-RC3 on June 6. A third release candidate was needed because a critical bug in the x86 bootloader/kernel handoff was discovered that could cause systems to hang during boot – most commonly, but not exclusively, when Intel microcode updates are being loaded.
The announcement explicitly warns: when upgrading to RC3, you must install the updated EFI bootloader. The originally planned early-June release date has slipped to mid-June.
RC2 (May 31) had already re-introduced PadLock RNG support for VIA/Zhaoxin processors and integrated security fixes from SA-26:19 through SA-26:24. RC3 builds on that with the critical bootloader fix.
Available images include amd64, powerpc64(le), armv7, aarch64 (including RPI, PINE64, ROCK64), and riscv64, plus VM images (QCOW2, VHD, VMDK, raw), OCI container images, and Amazon EC2 AMI images.
Security Advisories – AI-Driven Vulnerability Discovery Makes Its Mark
The wave of security advisories published in late May (SA-26:18 through SA-26:24) continues to dominate discussions. Notably, most of these vulnerabilities were discovered through AI-driven security research:
SA-26:18.setcred – Stack Buffer Overflow via setcred(2)
A stack buffer overflow in the new setcred(2) system call that could lead to local privilege escalation (CVE-2026-45250).
SA-26:19.file – Kernel Use-After-Free via File Descriptor Syscalls
Discovered by Calif.io. A use-after-free in the kernel through file descriptor system calls.
SA-26:20.fusefs – Heap Overflow in FUSE_LISTXATTR
Discovered by the AISLE Research Team. A heap overflow in the FUSE file system code.
SA-26:21.ptrace – Missing Validation in ptrace(PTSCREMOTE)
Found by researchers using GLM-5.1 from Z.ai. Unprivileged local users could escalate privileges to root.
SA-26:22.libcasper – select(2) FD Set Overflow → Stack Overflow
Also from the AISLE Research Team. A file descriptor set overflow in select(2) led to a stack overflow. CVE-2026-39457 and CVE-2026-39461 were assigned.
SA-26:23.bsdinstall – RCE via Wi-Fi Access Point Scans
A suitably crafted network name (SSID) could cause command execution via sub-shell during Wi-Fi scans in bsdinstall and bsdconfig.
SA-26:24.capnet – Incorrect libcapnet Permission List Manipulation
Incorrect manipulation of permission lists in libcap_net could extend a process’s permissions.
Earlier Advisory from April: SA-26:14.pf – pf Stack Overflow via SCTP
Published April 29 but relevant context for the current wave: invalid SCTP packets could trigger unbounded recursion in pf, resulting in a stack overflow and kernel panic (CVE-2026-7164).
AISLE: Three setuid-root Stack Buffer Overflows Uncovered
On May 25, the AISLE Research Team published a detailed blog post on discovering three separate stack buffer overflows in FreeBSD, all reachable through the same basic attack vector:
ping6: The setuid-root binary lost a safety check that the closely related ping program retained. A local user could open many file descriptors and then execute /sbin/ping6, forcing later descriptors above 1023 and reaching unchecked FD_SET() calls.
libnv: The same FD_SET overflow in the NV encoding library.
libcasper: Ironically, the bug also hit FreeBSD’s Capsicum/Casper sandboxing infrastructure, which exists specifically to contain untrusted operations.
Particularly interesting: the ping6 bug had been fixed in closely related code back in 2002, but the corresponding guard was removed during a refactoring and never restored.
Blog Posts and Articles
“An AI audit of FreeBSD” (blog.calif.io, May 28)
Calif.io published a comprehensive retrospective on their AI-driven audit campaign against FreeBSD. Result: 15 kernel bugs, including 3 Remote Code Execution (RCE), 5 Local Privilege Escalation (LPE), and 1 bhyve escape.
“CVE-2026-7270: How I Get Root on FreeBSD with a Shell Script” (blog.calif.io, May 7)
Another Calif.io article demonstrating how a single shell script was enough to gain root access on a FreeBSD system.
AISLE: “AISLE matches Anthropic Mythos on FreeBSD zero-days” (May 6)
AISLE reports independently reproducing three of the eight FreeBSD security advisories from April 2026 that were also found by Nicholas Carlini at Anthropic (Claude Mythos).
CVE-2026-42511: A 21-year-old remote code execution vulnerability in dhclient, where the BOOTP file field was not properly escaped, allowing injection of arbitrary dhclient.conf directives.
Frankfurt Area FreeBSD Hackathon Recap (FreeBSD Foundation, June 2)
The FreeBSD Foundation published a recap of the first regional hackathon in the Frankfurt area (April 24–26). Results: 120 closed bug reports, successful implementation of SBOM (Software Bill of Materials) functionality, and a German translation of Sylve.
“FreeBSD May 2026 Security Batch – An Operator’s Triage Guide” (maxiujun.com)
A practical triage guide for admins: of the seven simultaneously published advisories, two are kernel-side and trivially exploitable by any local user – patch those first.
Mailing List Discussions
mtree(1) POLA Violation
Gleb Smirnoff flagged on the freebsd-current list that the recent mtree(1) import from NetBSD constitutes a POLA (Principle of Least Astonishment) violation: checksum behavior has changed. Jose Luis Duran and Xin LI discussed potential corrections; a differential (D56013) was submitted to add missing entries.
15.1 Release Planning
Mailing list activity shows the typical end-of-cycle intensity: RC1, RC2, and RC3 were each announced on freebsd-stable. The delay from additional release candidates has drawn mixed reactions – understanding of the security fixes, but also impatience for the final release.
Looking Ahead
BSDCan 2026 and the FreeBSD Developer Summit take place June 17–18 in Ottawa, Canada.
FreeBSD 15.1-RELEASE is expected mid-June, assuming no further critical issues surface.
AI-driven security research (Calif.io, AISLE, Anthropic Mythos) has established itself as a serious force – expect more findings.
This was one of the most security-intensive weeks in recent FreeBSD history. Between AI-discovered vulnerabilities, a new release candidate, and the Foundation’s Executive Director daily-driving FreeBSD on a laptop, there was plenty to talk about.
FreeBSD 15.1-RC1 Released
On May 29, Colin Percival released the first release candidate for FreeBSD 15.1. RC1 includes a batch of security fixes (more below), improvements to the fwget firmware tool, and various small kernel bug fixes and man page updates.
The 15.1-RELEASE is planned for June, assuming no further surprises. The release cycle has been fairly smooth so far: BETA1 dropped on May 2, and RC1 is the latest milestone.
On May 20, FreeBSD published seven security advisories in a single day — enough to make even seasoned operators sweat. Xiujun Ma published an excellent triage guide that I recommend every admin read.
The two most critical:
SA-26:18.setcred — Kernel-Level RCE
The setcred(2) system call copies a user-supplied list of supplementary groups into a fixed-size kernel stack buffer without checking the length. The result: a kernel stack overflow that enables arbitrary kernel-level code execution. Any local user can trigger this, no special configuration required, all supported FreeBSD versions affected. Patch immediately.
SA-26:21.ptrace — Local Privilege Escalation (CVE-2026-45253)
Insufficient parameter validation in the PT_SC_REMOTE ptrace operation allows unprivileged local users to execute arbitrary system calls inside a target process. Local → root. On multi-user boxes and jail hosts, this is also a same-day patch.
The remaining five advisories:
Advisory
Issue
Urgency
SA-26:24.cap_net
Capsicum permission limit bypass
This week
SA-26:22.libcasper
Stack overflow via select(2) with >1024 file descriptors (CVE-2026-45252)
This week
SA-26:23.bsdinstall
Root RCE via malicious Wi-Fi SSIDs during installer scanning (CVE-2026-45255)
Before next install/re-image
SA-26:20.fusefs
Kernel heap disclosure/injection via rogue FUSE daemon
Only if fusefs.kois loaded
SA-26:19.file
file(1) / libmagic issue
This week
AI-Discovered Vulnerabilities: Calif.io and AISLE
This is the big story of the week: AI systems are now actively finding FreeBSD kernel bugs.
Calif.io — “An AI Audit of FreeBSD”
Security research firm Calif.io published a detailed blog postdescribing their AI-driven audit of the FreeBSD kernel. Within a few weeks, the AI found:
5 local privilege escalations
1 bhyve guest-to-host escape
A handful of memory disclosures and DoS bugs
In total, 15 kernel bugs, all reported to the FreeBSD security team. Notably, Calif.io coordinated with the FreeBSD team, focused on their priorities, and only reported high/critical bugs — no CVE-chasing, just targeted help.
One of the published exploits is setcred (CVE-2026-45250): a single-character sizeof confusion in kern_setcred_copyin_supp_groups that turns into a stack overflow and then a local root shell. Only FreeBSD 14.4 is exploitable, despite the same source bug being present in 14.3 and 15.0.
AISLE — Autonomous Vulnerability Discovery
The AISLE Research Team also made waves. On May 25, they published a report on three stack buffer overflows in ping6, libnv, and libcasper — all reachable through the same fundamental mechanism: FD_SET() with file descriptors above 1023.
The ping6 bug is particularly notable: the binary runs setuid-root, meaning any local user can trigger the vulnerable path in a process with effective UID 0. Ironically, FreeBSD had already fixed this exact bug class in closely related code back in 2002 — the guard in ping6 disappeared during a later refactoring and never returned.
AISLE also discovered a 21-year-old RCE in dhclient (CVE-2026-42511) and reported that their autonomous system independently found three of the eight April security advisories — matching Anthropic’s “Claude Mythos” on capability.
Deb Goodkin Daily-Drives FreeBSD on a Framework Laptop
Deb Goodkin, the FreeBSD Foundation’s Executive Director since 2005, spoke at the Open Source Summit + ELC NA 2026 in Minneapolis about her experience daily-driving FreeBSD on a Framework Laptop. Until recently, she hadn’t been running FreeBSD as her daily OS because it “felt like a mountain.”
Her takeaways:
Touchscreen worked out of the box
KDE desktop ran stable
Peripherals like a wireless mouse worked without issues
Zoom eventually worked after some troubleshooting
Webcam required manual setup
Microsoft Teams only partially functional
This aligns with the Foundation’s ongoing Laptop Integration Testing Project, which aims to close the graphics and Wi-Fi driver gap with Linux in 2026.
NVIDIA Driver Update
The NVIDIA graphics driver in FreeBSD ports was updated to version 595.71.05. Anyone running NVIDIA hardware on FreeBSD should plan to update the port.
Mailing List Discussions
Boot issues: Multiple reports of boot-time problems and hangs with 15.1 installations, particularly in diskless operation. Discussions on freebsd-stable and freebsd-current are ongoing.
15.1-BETA1 pkgbase fingerprint issue: Graham Perrin reported a problem with base package fingerprints in 15.1-BETA1, which Colin Percival has acknowledged.
OpenBSD 7.9 (Neighbor Note)
OpenBSD 7.9 was released on May 30 — with support for up to 255 CPU cores and WiFi 6. Not directly FreeBSD, but worth noting for anyone following the BSD ecosystem.
Week in Review
The big takeaway: AI-driven security research is no longer a theoretical concept — it’s actively finding kernel bugs in FreeBSD. At the same time, the cooperation between Calif.io/AISLE and the FreeBSD team shows what constructive engagement looks like: short reports, suggested patches, direct communication rather than CVE-count chasing.
FreeBSD 15.1-RELEASE is approaching and will include all of these fixes. If you operate multi-user systems, patch SA-26:18.setcred and SA-26:21.ptrace immediately — the rest of the advisories can wait until this week.
This past week was one of the most eventful for FreeBSD in recent memory: six security advisories dropped simultaneously, FreeBSD 15.1 hit release candidate status, and the FreeBSD Foundation’s executive director went public about daily-driving FreeBSD on a laptop.
FreeBSD 15.1-RC1 Released
On May 22, Colin Percival announced FreeBSD 15.1-RC1 — the first and likely only release candidate before the planned final release in early June. RC1 is available for amd64, powerpc64, powerpc64le, armv7, aarch64 (including RPI, PINE64, PINEBOOK, ROCK64, ROCKPRO64), and riscv64.
Changes since Beta 3 include:
The six new security advisories SA-26:18 through SA-26:24(see below)
Improvements to fwget(8) for automatically identifying necessary firmware for more Wi-Fi cards
EC2 “small” instances no longer run firstboot_pkgs by default
freebsd-update no longer prompts to merge changes to /etc/ssl/cert.pem
Various kernel bug fixes and man page updates
The full set of installation images, VM images (QCOW2, VHD, VMDK, raw), OCI container images, and EC2 AMI images are available on the usual download mirrors.
Security Advisory Blitz: Six Advisories at Once
On May 20, the FreeBSD Security Team released six security advisories simultaneously — several of which were discovered through AI-driven vulnerability research.
The most severe vulnerability of the week. A sizeof type error in kern_setcred_copyin_supp_groups()(sys/kern/kern_prot.c) causes a kernel stack buffer overflow in the setcred(2) system call. The bug: sizeof(*groups) evaluates to 8 bytes (pointer size) instead of the intended 4 bytes (sizeof(gid_t)). An unprivileged local user can exploit this to escalate to root — even on systems with SMAP/SMEP enabled. The vulnerability was disclosed by Przemyslaw Frasunek under the name “FatGid” and affects FreeBSD 14.3, 14.4, and 15.0.
Fixed in: 14.3-RELEASE-p14, 14.4-RELEASE-p5, 15.0-RELEASE-p9. FreeBSD 13.x and earlier are unaffected (the setcred(2)syscall doesn’t exist there).
SA-26:19.file — Kernel Use-After-Free
A file descriptor system call flaw can lead to a kernel use-after-free condition. Discovered by Calif.io (AI-driven vulnerability discovery).
SA-26:20.fusefs — Heap Overflow in FUSE_LISTXATTR
The kernel processes extended attribute lists from userspace FUSE daemons without verifying proper NUL termination, potentially allowing a malicious FUSE daemon to trigger a heap overflow. Discovered by the AISLE Research Team (autonomous vulnerability discovery).
SA-26:21.ptrace — Missing Validation in ptrace(PTSCREMOTE)
Missing input validation allows unprivileged local users to escalate privileges to root. Discovered using GLM-5.1 by Z.ai.
SA-26:22.libcasper — select(2) File Descriptor Set Overflow Causes Stack Overflow
An overflow of the file descriptor set in select(2) within libcasper leads to a stack overflow. Discovered by the AISLE Research Team.
SA-26:23.bsdinstall — Remote Code Execution via Installer Wi-Fi Scans
A specially crafted network name (SSID) can trigger arbitrary command execution via sub-shell during Wi-Fi access point scanning in bsdinstall and bsdconfig. Practically relevant when installing in Wi-Fi environments.
SA-26:24.cap_net — Incorrect Permission List Manipulation
Faulty manipulation of limitation lists in libcap_net can extend a process’s permissions beyond what was intended. Discovered by the AISLE Research Team.
Takeaway: What’s notable is that several of these vulnerabilities were discovered through AI-based tools (Calif.io, GLM-5.1, AISLE Research Team). This marks a turning point in OS security auditing — AI-driven discovery is now producing real, exploitable findings.
FreeBSD 15.1 Beta 3 (May 17)
The third beta of FreeBSD 15.1, released the previous weekend, brought important updates:
OpenZFS 2.4.2 was integrated (bug fixes and improvements)
Cloud images now run pkg upgrade on first boot to apply security updates
Kerberos was updated
Scripted bsdinstall installations now use pkgbase
The planned KDE desktop installation option was deferred to FreeBSD 15.2, as the script still needs adaptation for new NVIDIA drivers and removal of obsolete components
FreeBSD Foundation ED Daily-Drives FreeBSD on Laptop
Deb Goodkin, Executive Director of the FreeBSD Foundation since 2005, presented at the Open Source Summit North America (OSS 2026) in Minneapolis about her experience daily-driving FreeBSD on a Framework Laptop. Previously, every attempt to run FreeBSD on laptops “felt like a mountain” — time-consuming and ultimately getting stuck. With the KDE desktop, the touchscreen “just worked,” as did peripherals like a wireless mouse. Challenges remained: Zoom required effort to get working, the webcam needed manual steps to enable, and Microsoft Teams only partially worked. An encouraging sign, but also an honest assessment of the remaining gaps in desktop support.
Ian Wagner published a helpful blog post on configuring different package repositories per jail under FreeBSD. Using AppJail for declarative jail management, the post demonstrates how to switch specific jails to the latest ports branch when newer packages are needed while others remain on quarterly.
FreeBSD Resource Monitoring, Accounting, and Troubleshooting (Larvitz Blog)
A thorough guide on resource monitoring and troubleshooting on FreeBSD systems — from “the server feels slow” to concrete diagnostic tools and techniques.
Ubuntu 16.04 to FreeBSD Migration
A blog that ran on Ubuntu 16.04 for 10 years reported on its migration to FreeBSD, motivated by Ubuntu 16.04’s end-of-life and the promise of long-term stability.
Valuable News — May 18 (vermaden)
The weekly link roundup from vermaden offers its usual comprehensive overview of BSD and UNIX-related articles.
Mailing List Discussions
pkgbase Upgrade from 15.0 to 15.1
Discussions around the pkgbase upgrade path from 15.0-RELEASE to 15.1-BETA2 reveal that the transition to the new default installation method isn’t entirely smooth yet. Issues with kernel modules (kmods) and the pkgbase-quarterly repos were extensively discussed.
Boot-Time Bugs on freebsd-stable
Garrett Wollman reported issues with booting his server fleet, sparking a discussion about boot-time behavior and error handling.
Diskless Systems on 15.1
Daniel Braniss and Bjoern Zeeb discussed problems with diskless setups under FreeBSD 15.1 that can cause hangs during boot.
Looking Ahead
If all goes according to plan, FreeBSD 15.1-RELEASE is expected around June 2, 2026. The KDE desktop installation option has been deferred to FreeBSD 15.2 (expected December 2026). Until then, manual installation via pkg remains the recommended approach for a KDE desktop on FreeBSD.
This week saw the third beta of FreeBSD 15.1, a critical execve() privilege escalation vulnerability, the KDE desktop installer option being pushed to 15.2, and two libnv security advisories that remain highly relevant. Here’s your summary.
FreeBSD 15.1 Beta 3 Released
FreeBSD 15.1-BETA3 was released over the weekend as the latest weekly test candidate. The release is entering its final stretch — the Release Candidate (RC) is expected next week, and if all goes well, FreeBSD 15.1-RELEASE is targeted for June 2, 2026.
Key changes in Beta 3:
OpenZFS 2.4.2 has been integrated — the latest OpenZFS release with various fixes and minor enhancements.
Cloud images now automatically run pkg upgrade on first boot to apply security updates to the base system. A sensible improvement for cloud deployments that often start from stale images.
Kerberos has been updated.
bsdinstall scripted installations now use pkgbase.
The beta cycle has been relatively smooth so far. BETA1 and BETA2 in previous weeks brought Zstd 1.5.7, userland fixes for ifconfig, lockf, stat, tail, and certctl, plus kernel fixes for nullfs, so_splice, and VT.
BETA2 Recap (May 8)
Updated to Zstd 1.5.7
bsdinstall now consistently uses pkg.freebsd.org for package bootstrap
A serious kernel vulnerability disclosed in late April continues to generate discussion. FreeBSD-SA-26:13.execdescribes an operator-precedence error in the execve(2) implementation that leads to a buffer overflow. Attacker-controlled data can spill into adjacent argument buffers, corrupt kernel state, and grant unprivileged users root access.
The flaw affects all supported FreeBSD releases (13.5 through the 15 branch). Patches were published within hours, adding explicit parentheses to enforce the intended evaluation order and tightening size checks.
Community Reaction
Positive: Rapid response — the advisory went live less than an hour after discovery, with patches available for every supported branch the same day.
Concerns: There is no workaround. Administrators who can’t immediately reboot (e.g., high-availability systems) remain exposed.
Source-based installations require kernel recompilation and reboot, which can take hours on older hardware.
Early adopters on the 15 branch reported a minor regression in custom execve wrapper scripts that relied on the previous (buggy) argument handling.
Two libnv Security Advisories (SA-26:16 and SA-26:17)
Also disclosed on April 29, two libnv vulnerabilities remain relevant for anyone who hasn’t patched yet:
SA-26:16 (CVE-2026-39457): Stack overflow via select() file descriptor set overflow — when a socket descriptor exceeds FD_SETSIZE (1024), select(2) overflows its file descriptor set. An attacker who can force a program to open many descriptors can trigger stack corruption and potentially escalate privileges via setuid-root programs. Discovered by Joshua Rogers (AISLE Research Team).
SA-26:17 (CVE-2026-35547): Heap overflow in libnv — message size is not properly validated when processing headers, enabling out-of-bounds writes on the heap. This can cause crashes, panics, or potential privilege escalation by unprivileged users. Discovered by Mariusz Zaborski.
Both affect all supported FreeBSD versions with no workaround. Upgrade and reboot are mandatory.
KDE Desktop Installer Option Delayed to FreeBSD 15.2
The long-awaited KDE desktop installation option in the FreeBSD installer has been delayed again — this time from 15.1 to FreeBSD 15.2 (expected December 2026). Originally planned for 15.0, then moved to 15.1, the installation script needs updates for new NVIDIA drivers and removal of obsolete components. After committing to CURRENT, a testing period in STABLE is required, which no longer fits the 15.1 timeline.
Until then, KDE Plasma can be set up manually via pkg after installation.
Mailing List Discussions
Update Strategy and Timing (freebsd-current)
Bob Prohaska kicked off a discussion about preferred update strategies for self-hosted FreeBSD systems. On stable branches, freebsd-update is straightforward. On current, things get more complex. Warner Losh, Rick Macklem, Mark Millard, and others weighed in on the trade-offs of different approaches — a worthwhile read for anyone running current in production.
PKGBASE: Upgrading 15.0 to 15.1-BETA2
Vermaden asked about the upgrade path from FreeBSD 15.0-RELEASE to 15.1-BETA2 using the PKGBASE model. Colin Percival confirmed this path isn’t fully documented yet. The PKGBASE system remains marked as experimental, and the minor-release upgrade workflow needs more work.
Beach Cleaning Project: Infrastructure Cleanup
The FreeBSD Foundation published a detailed report on the Beach Cleaning Project in late April that continues to draw attention:
Machine-readable inventory of over 1,000 components in the base system, including 73 third-party imports
OpenSSL 3.5 LTS was integrated in time for FreeBSD 15.0 (replacing OpenSSL 3.0, which reaches EOL September 2026)
SBOM generation in SPDX 2 and SPDX 3 formats
CODEOWNERS-style reports for better maintainability
Preparation for importing pkg into the base system as part of the pkgbase transition
The project was funded by Alpha-Omega and produced practical tooling, security assessments, and implementation plans that will serve FreeBSD development well beyond the project’s lifespan.
Blog Posts This Week
Vermaden: FreeBSD PKGBASE Minor Upgrades
Vermaden published a practical guide for upgrading FreeBSD 15.0 to 15.1-BETA2 using PKGBASE and ZFS Boot Environments. The walkthrough covers creating a new BE, configuring the pkg repository, upgrading the base system, and rolling back if needed — including an alternative approach using --chroot.
Going Back to BSD
Pete shared a personal blog post about returning to BSD after decades on Linux. He describes moving from Arch Linux to FreeBSD, setting up mail servers with Bastille jails, and appreciating the simplicity of the rc system compared to systemd. A nostalgic and practical read.
Looking Ahead
Next week will see the Release Candidate for FreeBSD 15.1. If no unexpected issues arise, the final release is expected on June 2, 2026. Administrators should patch the three security vulnerabilities (execve, libnv x2) immediately if they haven’t already.
The past week has been one of the most eventful in the FreeBSD project in quite some time: two beta releases, a massive security advisory bundle, eye-catching AI-driven vulnerability discoveries, and a new blog post on the pkgbase upgrade path. Here’s the rundown.
FreeBSD 15.1: Beta 1 and Beta 2 Released
The release cycle for FreeBSD 15.1 is gaining momentum. After Colin Percival announced 15.1-BETA1 on May 2, 15.1-BETA2 followed on May 8 — the weekly cadence is holding.
Changes in Beta 2 (vs. Beta 1)
Zstd updated to 1.5.7 — latest upstream compression support
less updated to v692
bsdinstall now consistently uses pkg.FreeBSD.org for package bootstrap operations
nuageinit only parses user_data as YAML when necessary
rtadvd(8) now honors pltime and vltime in interface declarations
Various userland bug fixes: ifconfig(8), lockf(1), stat(1), tail(1), certctl(8)
Kernel bug fixes: nullfs, so_splice, vt(4)
Miscellaneous manual page and test fixes
Available Architectures
Images are available for amd64, powerpc64, powerpc64le, armv7, aarch64 (including RPI, PINE64, ROCK64 variants), and riscv64. Additionally, VM disk images (QCOW2, VHD, VMDK, Raw), OCI container images (static, dynamic, runtime, notoolchain, toolchain), and Amazon EC2 AMIs are provided.
Schedule
Beta 3 expected next week
Release Candidate the week after
15.1-RELEASE on June 2, 2026 — if all goes according to plan
Critical Security Vulnerabilities — 8 Advisories on April 29
On April 29, FreeBSD published a large batch of security advisories that were widely discussed this week:
Advisory
Module
Description
Severity
SA-26:11
amd64
Missing large page handling in pmap_pkru_update_range()
High
SA-26:12
dhclient
Remote code execution via malicious DHCP options (CVE-2026-42511)
Critical
SA-26:13
execve
Local privilege escalation via execve(2)
High
SA-26:14
pf
Stack overflow parsing crafted SCTP packets
High
SA-26:15
dhclient
Remotely triggerable out-of-bounds heap write in dhclient
Critical
SA-26:16
libnv
Stack overflow via select() file descriptor set overflow
High
SA-26:17
libnv
Heap overflow in libnv
High
Additionally, EN-26:11 was published on May 1: an errata notice correcting overly strict dhclient lease validation behavior — a side effect of the security fixes.
The 21-Year-Old dhclient RCE (CVE-2026-42511)
Particularly notable: the vulnerability in dhclient (SA-26:12) had existed in the code for over 20 years. The BOOTP file field was written to the lease file without escaping embedded double-quotes, enabling injection of arbitrary dhclient.conf directives — and thus remote code execution after a system restart.
AI-Driven Vulnerability Research: AISLE vs. Anthropic Mythos
On May 7, AISLE published a blog post that made waves: their multi-model system had discovered three critical vulnerabilities in FreeBSD — independently of and in parallel with the findings made by Anthropic’s “Claude Mythos.”
AISLE’s findings:
The 21-year-old dhclient RCE (CVE-2026-42511)
A remotely triggerable heap buffer overflow in dhclient
A stack buffer overflow in ping6 (local privilege escalation)
All three were discovered on April 13, reported on April 14, and patched on April 29.
The debate AISLE’s findings sparked is noteworthy: AI-powered security systems can be very effective even with smaller, cheaper models — a well-designed system beats pure scaling through larger models. AISLE references their research showing that security capability is “jagged”: small models can outperform larger ones at many security-relevant tasks.
FreeBSD Foundation: “Cleaning Up Critical Infrastructure”
On April 20 (still widely discussed this week), the FreeBSD Foundation published a detailed blog post about the Alpha-Omega Beach Cleaning Project. Key points:
OpenSSL 3.5 LTS was integrated in time for FreeBSD 15.0 — avoiding an unsupported fork of OpenSSL 3.0 (EOL September 2026) for over four years
A machine-readable inventory of the base system was created: over 1,000 components in a YAML-based database, including 73 third-party imports
SBOM generation via SPDX 2 and SPDX 3 formats
CODEOWNERS-style reports for better maintainership tracking
Preparation for importing pkg into the base system as part of the pkgbase transition
Vermaden: PKGBASE Minor Upgrades with ZFS Boot Environments
On May 10, well-known FreeBSD blogger Vermaden published a practical guide for minor upgrades (e.g., 15.0 to 15.1) using PKGBASE and ZFS Boot Environments. Since PKGBASE is still marked as experimental and freebsd-update(8) is no longer available for minor releases, he demonstrates two methods:
Classic method: Create a new ZFS BE, chroot, configure pkg.repo, run pkg upgrade -r FreeBSD-base
Alternative method: Use pkg --chroot and ABI/OSVERSION overrides without manual devfs mounting
Both methods allow a safe rollback via ZFS Boot Environments if the upgrade causes issues.
Q1 2026 Status Report: 45 Entries
The FreeBSD Status Report for the first quarter of 2026 was published on April 23 — with a record 45 entries. Highlights:
Cyber Resilience Act (CRA) Readiness Project — preparing for EU regulation
amd64 FRED support — new CPU flexibility features
LinuxKPI 802.11 and Native Wireless Update — WiFi driver progress
Suspend/Resume and Hibernate improvements
Sylve — a unified system management platform for FreeBSD
daemonless — native FreeBSD OCI containers without a daemon
KDE on FreeBSD — Plasma 6 and Wayland progress
FreeBSD on EC2 and STACKIT Cloud Integration
bhyve: Full CPUID Control, Management GUI
Looking Ahead
With Beta 3 coming next week and the Release Candidate after that, FreeBSD 15.1-RELEASE on June 2 is fast approaching. Anyone running supported versions should urgently apply the April 29 security advisories — especially the critical dhclient RCE. And for those testing pkgbase, Vermaden’s guide provides a solid starting point.
This week brought two critical security advisories (both discovered with AI-assisted fuzzing), a bumper Q1 status report with 45 entries, and the official start of the 15.1 release cycle. If you’re still on FreeBSD 13.5, the clock is ticking.
Two Security Advisories, One Day
On April 21, the FreeBSD Security Team released two advisories — both credited to Nicholas Carlini using Claude (Anthropic). AI-assisted fuzzing finding two independent kernel bugs is noteworthy and signals a shift in how vulnerability research is done.
SA-26:10.tty — Use-After-Free in TIOCNOTTY Handler (CVE-2026-5398, CVSS 8.4 HIGH)
The TIOCNOTTY ioctl lets a process detach from its controlling terminal. The implementation failed to clear a back-pointer from the terminal structure to the calling process’s session. When the process subsequently exits, the terminal structure retains a dangling pointer to freed memory — which a malicious process can exploit to escalate to root.
All supported FreeBSD versions are affected (13.5, 14.3, 14.4, 15.0). No workaround exists. Patch and reboot.
SA-26:11.amd64 — Missing Large Page Handling in pmap_pkru_update_range() (CVE-2026-6386)
The pmap_pkru_update_range() function updates page table entries when applying Memory Protection Keys (PKRU) to an address range. It didn’t account for 1GB large page mappings created via shm_create_largepage(). Instead of recognizing a page directory entry as a large page, it treated it as a pointer to another page table page.
The result: an unprivileged user can trick the kernel into treating userspace memory as a page table, overwriting memory they shouldn’t have access to. Affects all supported versions on amd64. No workaround.
Takeaway: If you run amd64 systems, patch immediately. Both bugs are locally exploitable, and SA-26:10 leads directly to root. The AI-assisted discovery method is a clear signal: defenders need to adopt these tools as fast as attackers already have.
Q1 2026 Status Report: 45 Entries
The Q1 2026 Status Report landed on April 22 with 45 entries — the first under a newly enforced editorial schedule. Highlights:
Alpha-Omega Beach Cleaning
The FreeBSD Foundation continues its Beach Cleaning project, funded by the Linux Foundation’s Alpha-Omega initiative. The goal: proactively find and fix security vulnerabilities in third-party base system software. The repository includes build infrastructure and fuzzing setups for components like libxml2, SQLite, and other base system dependencies. The connection to this week’s two SAs is obvious — structured fuzzing pays off.
Cyber Resilience Act (CRA) Readiness
The EU’s Cyber Resilience Act is law, and FreeBSD must prepare. The Foundation launched a dedicated CRA Readiness project with monthly updates. Core questions: Which SBOM requirements apply? How is vulnerability management documented? Anyone deploying FreeBSD in EU-compliant products should follow this closely.
Laptop Testing & Integration
The Laptop Integration Testing Project introduced a Python application that automates FreeBSD compatibility testing on laptops. The Foundation is asking the community to submit hardware probes to build a public compatibility matrix. Other laptop progress:
S0ix (Modern Standby): Suspend/Resume support for modern laptops
Hibernate (Suspend-to-Disk): Under active development
CPPC: AMD CPPC support for Zen 2+ processors (out-of-tree module available)
Intel FRED: Konstantin Belousov (kib) submitted initial patches for Intel’s Flexible Return and Event Delivery — CPUID, MSR, and CR4 bits are in main, full FRED support is under review
Sylvea v0.2.3
The management tool Sylvea reached v0.2.3 with enhanced jail and VM support. A lightweight GUI for Bhyve, Jails, ZFS, and networking — an interesting alternative to web-based tools like TrueNAS.
HPC Initiative
FreeBSD is getting ports for Slurm, OpenMPI, and UCX — high-performance computing is landing on the platform. Niche, but strategically important.
Cloud
FreeBSD on EC2 with updated AMIs, plus a new STACKIT Cloud integration (a European cloud provider in the IAD group).
Ports Updates
KDE Plasma 6.6.3
OpenJDK 21/25
Wazuh 4.14.3 (Security Monitoring)
FreeBSD 15.1: Code Slush Reached
The 15.1 release cycle hit Code Slush on April 17 — commits to the stable/15 branch no longer require explicit approval, but new features should be avoided. The remaining schedule:
Milestone
Date
releng/15.1 branch
May 1, 2026
BETA1
May 1, 2026
BETA2
May 8, 2026
BETA3
May 15, 2026
RC1
May 22, 2026
RELEASE
June 2, 2026
FreeBSD 15.0 reaches end-of-life on September 30, 2026. Stable/15 will be supported through December 2029.
FreeBSD 13.5: EOL on April 30
Anyone still running FreeBSD 13.5 has less than a week to upgrade. Support ends April 30 — no more security patches after that. The Release Engineering Team has already stopped weekly snapshot builds for stable/13.
Migration to 14.4 or 15.0 is now urgent. Especially given SA-26:10 and SA-26:11, running an EOL version would be negligent.
ZFS: Snapshot Automount Deadlock Fixed
Hamza (ixhamza) contributed two significant ZFS fixes:
Snapshot automount deadlock during concurrent zfs recv — When a snapshot is automounted while zfs recv is running, the system could deadlock. The fix reorganizes the locking order.
AVL tree panic from snapshot automount race — A race condition during parallel snapshot mounts could trigger an AVL tree panic. Solved by switching to AVL lookup instead of linear scan.
Additionally, a memory leak in zfsctl_snapshot_mount was fixed — the options structure wasn’t being properly freed.
For anyone running zfs recv in production (and you should be if you do replication), these fixes matter. The deadlock was hitting real users, as open issue #18073 confirms.
BastilleBSD Hiring Plans
BastilleBSD announced plans to hire a part-time FreeBSD/Bastille sysadmin (~20 hrs/week), targeting EMEA/APAC time zones. The role involves working with Bastille’s creator on a cybersecurity startup, with an expected start in mid-to-late 2026. A sign that the FreeBSD jail management ecosystem is professionalizing.
TopBar: Wayland Desktop Environment
TopBar was featured on DiscoverBSD — a customizable desktop environment built with Quickshell and QML for Wayland compositors like MangoWM and Hyprland. It integrates a status bar, app launcher, lock screen, and wallpaper manager into a single cohesive system. For FreeBSD laptop users exploring Wayland, this is worth watching.
ZFS Performance Without New Hardware
A DiscoverBSD article rounded up ZFS performance tips that don’t require hardware investment:
Tune recordsize to workload (16K for databases, 1M–4M for storage)
Enable LZ4 compression — often reduces I/O overhead rather than increasing it
Pool topology: Replace wide RAIDz configs with mirrored VDEVs for more parallelism
Disable prefetch for random-access workloads (databases)
Nothing new for ZFS veterans, but a solid reference for newcomers.
What This Week Means
Two critical SAs in one week, both discovered via AI-assisted fuzzing — that’s a wake-up call. The tools are getting better, and attackers will use them too. The Q1 status report shows a healthy project: laptop support is growing, HPC is arriving, CRA preparation is professional. And with the code slush for 15.1, the next release is approaching.
If you’re on 13.5: upgrade now. If you’re on 15.0 or 14.4: patch now. Anything else is negligent.