SB2026033033 - Multiple vulnerabilities in FreeBSD

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2026033033

SB2026033033 - Multiple vulnerabilities in FreeBSD

Published: March 30, 2026

Security Bulletin ID SB2026033033
Severity
High
Patch available
YES
Number of vulnerabilities 4
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 25% Medium 75%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 4 secuirty vulnerabilities.


1) Improper resource shutdown or release (CVE-ID: CVE-2026-4247)

The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to improper memory management in the TCP stack when handling unexpected TCP segments that meet challenge ACK criteria. A remote attacker can send a specially crafted sequence of TCP packets to exceed the rate limit for challenge ACKs and trigger an mbuf leak, leading to resource exhaustion.

Off-path attackers may also exploit this issue by spoofing packets with guessed connection parameters, though this is more difficult.


2) NULL pointer dereference (CVE-ID: CVE-2026-4652)

The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to a null pointer dereference in the nvmf driver when handling CONNECT commands for I/O queues with a bogus or stale CNTLID. A remote attacker can send a specially crafted CONNECT command to cause a kernel panic.


3) Stack-based buffer overflow (CVE-ID: CVE-2026-4747)

The vulnerability allows a remote attacker to execute arbitrary code in the kernel or in userspace RPC servers.

The vulnerability exists due to improper input validation in the RPCSEC_GSS packet validation routine when handling RPC packets. A remote attacker can send a specially crafted RPC packet to trigger a stack overflow, leading to arbitrary code execution.

The kernel component kgssapi.ko is vulnerable when loaded, and userspace applications linked with librpcsec_gss that run an RPC server are also vulnerable. 


4) Input validation error (CVE-ID: CVE-2026-4748)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to an error in pf packet filter implementation when handling rules containing the address range syntax (x.x.x.x - y.y.y.y) that only differ in the address ranges. A remote attacker can bypass previously configured rules and gain unauthorized access to the system bypassing packet filtering. 


Remediation

Install update from vendor's website.

References