E-Ink News Daily

FatGid - FreeBSD 14.x kernel LPE

A critical kernel stack buffer overflow vulnerability (CVE-2026-45250) has been discovered in FreeBSD 14.x's setcred(2) system call, allowing unprivileged local users to achieve root access. The vulnerability affects all FreeBSD 14.x versions and 15.0, with working exploits developed for both SMAP/SMEP-enabled and non-mitigated systems. Patches have been released for supported branches (14.3, 14.4, and 15.0), and users are strongly advised to update immediately.

Background

FreeBSD is a free and open-source Unix-like operating system known for its advanced networking, performance, and security features. Kernel vulnerabilities in operating systems are particularly critical as they can allow attackers to gain complete control over affected systems.

Source: Lobsters
Published: May 21, 2026 at 09:42 PM
Score: 9.0 / 10