FreeBSD Weekly Review – Week 24 (June 9–15, 2026)

The Big Security Week: Nine Advisories at Once

The single most important development this week was the security advisory batch released on June 9, 2026, which brought no fewer than nine advisories — several rated core with critical impact:

The Most Severe Vulnerabilities

  • SA-26:25.thr – Missing permission check in thr_kill2(2). An unprivileged local user could send signals to arbitrary processes, even across jail boundaries. Discovered by researchers at Tsinghua University using GLM-5.1 (Z.ai) — a notable case of AI-assisted security research. CVE-2026-45256
  • SA-26:26.ktls – Arbitrary file overwrite via the KTLS receive path. Through KTLS decryption on non-anonymous mbufs (via sendfile(2) + loopback), a local user could overwrite file contents including setuid binaries — achieving full privilege escalation. No workaround available. CVE-2026-45257, category: core.
  • SA-26:27.sound – Two mmap vulnerabilities in the sound(4) driver (CVE-2026-45258CVE-2026-49417) allowing unprivileged local users to read/write kernel memory via /dev/dsp, enabling privilege escalation.
  • SA-26:28.capsicum – sigqueue(2) lacked a Capsicum mode check, allowing sandboxed processes to send signals to other processes, bypassing Capsicum restrictions.
  • SA-26:30.linux – The Linuxulator incorrectly set AT_SECURE to zero for setuid/setgid Linux binaries. Unprivileged users could inject shared libraries via LD_PRELOAD and escalate privileges.
  • SA-26:29.ip6_multicast – Vulnerability in IPv6 multicast processing.
  • SA-26:31.arm64 – Arm CPU errata may bypass page table permission changes. Affected models include numerous Cortex-A/Neoverse chips (A76, A77, A78, A710, X1, X2, X3, X4, N1, N2, V1, and more). No workaround. CVE-2025-10263
  • SA-26:32.elf – ELF processing vulnerability.
  • SA-26:35.openssl – Multiple OpenSSL vulnerabilities.

Bottom line: Anyone running FreeBSD in production should patch and reboot immediately — the ktls and thr vulnerabilities are particularly critical.

FreeBSD 15.1-RELEASE: Tomorrow, Finally!

After two unplanned release candidates, FreeBSD 15.1-RC3 was published on June 6. The only but critical fix addressed the x86 boot loader / kernel handover: the system could hang during boot, especially when Intel microcode updates were being loaded.

The RELEASE date is now set for June 16, 2026 — tomorrow, barring further delays.

What 15.1 Brings

Highlights from the release notes:

  • OpenPAM and Zstandard (zstd) moved into separate pkgbase packages
  • installworld/installkernel blocked on pkgbase systems to prevent package database inconsistencies
  • Default shell for root and freebsd user: now sh(1) instead of csh(1)
  • find(1) gains -xattr and -xattrname for extended attribute searches
  • bectl(8) gains -E flag to create empty boot environments
  • zfs clone gains -u to prevent automatic mounting
  • newfs(8) gains -u flag to disable soft updates
  • daemon(8) supports configurable file modes for log output
  • diff3(1) now GNU-compatible in merge mode
  • setaudit(8) added as a new utility for audit policies
  • ipfs(8) disabled by default, kernel support now optional
  • DTrace probes support on PowerPC architectures
  • sched_ule implemented as a scheduler instance
  • Updated OpenZFS support
  • Oracle Cloud Infrastructure build targets removed

Graphics Drivers: drm-kmod Updated

On June 10, Jean-Sébastien Pédron (dumbbell) updated the DRM drivers in the Ports tree — commit messages indicate a version bump to Linux 6.12.85 (matching the recently released drm_v6.12.85_2). Anyone needing current Intel/AMD graphics should update their drm-*-kmod packages.

Blog Posts of the Week

“Native inotify in FreeBSD” (Klara Systems)

Klara Systems published an in-depth article on the shortcomings of the userspace inotify implementation (libinotify.so) on FreeBSD. The library translates inotify calls into kqueue/EVFILT_VNODE, which leads to sporadically missing CLOSE events. The article compares the inotify and kqueue APIs and discusses how a native kernel inotify implementation could resolve these reliability issues.

“FreeBSD Jails” (Tom’s IT Cafe, June 5)

Another contribution covering FreeBSD Jails as a container isolation technique — a classic topic that keeps getting refreshed.

Ports & Packages

  • lang/libobjc2 updated to version 2.3
  • kf6-*: Portlint fixes across the KDE Framework 6 series
  • Ports Q2 branch (2026Q2) was created in early April and is active; the next quarterly package update is in preparation

Looking Ahead

  • June 16: Scheduled RELEASE date for FreeBSD 15.1
  • Q2 Status Report: The submission deadline for the FreeBSD quarterly status report (April–June) was June 14 — the report should appear in the coming weeks
  • The massive security batch demonstrates that AI-assisted security research is having real-world impact (GLM-5.1 found the thr_kill2 vulnerability)

Leave a Reply

Your email address will not be published. Required fields are marked *