The Big Security Week: Nine Advisories at Once
The single most important development this week was the security advisory batch released on June 9, 2026, which brought no fewer than nine advisories — several rated core with critical impact:
The Most Severe Vulnerabilities
- SA-26:25.thr – Missing permission check in
thr_kill2(2). An unprivileged local user could send signals to arbitrary processes, even across jail boundaries. Discovered by researchers at Tsinghua University using GLM-5.1 (Z.ai) — a notable case of AI-assisted security research. CVE-2026-45256 - SA-26:26.ktls – Arbitrary file overwrite via the KTLS receive path. Through KTLS decryption on non-anonymous mbufs (via
sendfile(2)+ loopback), a local user could overwrite file contents including setuid binaries — achieving full privilege escalation. No workaround available. CVE-2026-45257, category: core. - SA-26:27.sound – Two
mmapvulnerabilities in thesound(4)driver (CVE-2026-45258, CVE-2026-49417) allowing unprivileged local users to read/write kernel memory via/dev/dsp, enabling privilege escalation. - SA-26:28.capsicum –
sigqueue(2)lacked a Capsicum mode check, allowing sandboxed processes to send signals to other processes, bypassing Capsicum restrictions. - SA-26:30.linux – The Linuxulator incorrectly set
AT_SECUREto zero for setuid/setgid Linux binaries. Unprivileged users could inject shared libraries viaLD_PRELOADand escalate privileges. - SA-26:29.ip6_multicast – Vulnerability in IPv6 multicast processing.
- SA-26:31.arm64 – Arm CPU errata may bypass page table permission changes. Affected models include numerous Cortex-A/Neoverse chips (A76, A77, A78, A710, X1, X2, X3, X4, N1, N2, V1, and more). No workaround. CVE-2025-10263
- SA-26:32.elf – ELF processing vulnerability.
- SA-26:35.openssl – Multiple OpenSSL vulnerabilities.
Bottom line: Anyone running FreeBSD in production should patch and reboot immediately — the ktls and thr vulnerabilities are particularly critical.
FreeBSD 15.1-RELEASE: Tomorrow, Finally!
After two unplanned release candidates, FreeBSD 15.1-RC3 was published on June 6. The only but critical fix addressed the x86 boot loader / kernel handover: the system could hang during boot, especially when Intel microcode updates were being loaded.
The RELEASE date is now set for June 16, 2026 — tomorrow, barring further delays.
What 15.1 Brings
Highlights from the release notes:
- OpenPAM and Zstandard (zstd) moved into separate pkgbase packages
installworld/installkernelblocked on pkgbase systems to prevent package database inconsistencies- Default shell for root and freebsd user: now sh(1) instead of csh(1)
find(1)gains-xattrand-xattrnamefor extended attribute searchesbectl(8)gains-Eflag to create empty boot environmentszfs clonegains-uto prevent automatic mountingnewfs(8)gains-uflag to disable soft updatesdaemon(8)supports configurable file modes for log outputdiff3(1)now GNU-compatible in merge modesetaudit(8)added as a new utility for audit policiesipfs(8)disabled by default, kernel support now optional- DTrace probes support on PowerPC architectures
- sched_ule implemented as a scheduler instance
- Updated OpenZFS support
- Oracle Cloud Infrastructure build targets removed
Graphics Drivers: drm-kmod Updated
On June 10, Jean-Sébastien Pédron (dumbbell) updated the DRM drivers in the Ports tree — commit messages indicate a version bump to Linux 6.12.85 (matching the recently released drm_v6.12.85_2). Anyone needing current Intel/AMD graphics should update their drm-*-kmod packages.
Blog Posts of the Week
“Native inotify in FreeBSD” (Klara Systems)
Klara Systems published an in-depth article on the shortcomings of the userspace inotify implementation (libinotify.so) on FreeBSD. The library translates inotify calls into kqueue/EVFILT_VNODE, which leads to sporadically missing CLOSE events. The article compares the inotify and kqueue APIs and discusses how a native kernel inotify implementation could resolve these reliability issues.
“FreeBSD Jails” (Tom’s IT Cafe, June 5)
Another contribution covering FreeBSD Jails as a container isolation technique — a classic topic that keeps getting refreshed.
Ports & Packages
- lang/libobjc2 updated to version 2.3
- kf6-*: Portlint fixes across the KDE Framework 6 series
- Ports Q2 branch (2026Q2) was created in early April and is active; the next quarterly package update is in preparation
Looking Ahead
- June 16: Scheduled RELEASE date for FreeBSD 15.1
- Q2 Status Report: The submission deadline for the FreeBSD quarterly status report (April–June) was June 14 — the report should appear in the coming weeks
- The massive security batch demonstrates that AI-assisted security research is having real-world impact (GLM-5.1 found the thr_kill2 vulnerability)