CVE-2026-3038 Local DoS and possible privilege escalation via routing sockets

The rtsockmsgbuffer function serializes routing information into a buffer. As a part of this, it copies sockaddr structures into a sockaddrstorage structure on the stack. It assumes that the source sockaddr length field had already been validated, but this is not necessarily the case, and it's...

CVE-2026-3038 Local DoS and possible privilege escalation via routing sockets

The rtsockmsgbuffer function serializes routing information into a buffer. As a part of this, it copies sockaddr structures into a sockaddrstorage structure on the stack. It assumes that the source sockaddr length field had already been validated, but this is not necessarily the case, and it's...

CVE-2026-3038

The CVE-2026-3038 issue is a FreeBSD routing socket bug in rtsock_msg_buffer() that can overflow a stack buffer on the stack, overwriting the canary and causing a kernel panic. It arises when a source sockaddr length is not validated, allowing unprivileged users to trigger a 127-byte overflow and...

FreeBSD 安全漏洞

FreeBSD is a Unix-like operating system developed by the FreeBSD Foundation. FreeBSD has a security vulnerability that stems from the rtsockmsgbuffer function not verifying the length field of the source sockaddr. This can lead to a stack buffer overflow, potentially causing a kernel crash...

FreeBSD Security Advisory - FreeBSD-SA-26:05.route

FreeBSD Security Advisory - The rtsockmsgbuffer function serializes routing information into a buffer. As a part of this, it copies sockaddr structures into a sockaddrstorage structure on the stack. It assumes that the source sockaddr length field had already been validated, but this is not...

FreeBSD-SA-26:05.route

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-26:05.route Security Advisory The FreeBSD Project Topic: Local DoS and possible privilege escalation via routing sockets Category: core Module: route Announced:...