FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- Kernel stack disclosure in Linux compatibility layer

Affected packages
15.0 <= FreeBSD-kernel < 15.0_11
14.4 <= FreeBSD-kernel < 14.4_7
14.3 <= FreeBSD-kernel < 14.3_16

Details

VuXML ID 2355c475-74e3-11f1-958d-bc241121aa0a
Discovery 2026-06-30
Entry 2026-07-01

Problem Description:

The Linux waitid() implementation translates a FreeBSD siginfo_t struct into a stack-declared Linux siginfo_t. It did not first zero the stack struct.

Impact:

An unprivileged user may observe 104 bytes of uninitialized kernel stack data, which may contain sensitive information.
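
The bug class described above, as an added example that is not FreeBSD's code: a user-space simulation in which a marker byte stands in for stale stack contents, comparing a field-by-field translation with and without zeroing the destination first. The struct layouts, names and values are assumptions, sized so that the unwritten tail is 104 bytes as in the Impact figure.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical layouts (assumptions), not the kernel's definitions. */
struct native_info { int signo, code, pid, uid, status; };
struct compat_info {
    int signo, err, code, pid, uid, status;  /* 24 bytes that get assigned */
    unsigned char rest[104];                 /* never written by translate() */
};

#define STALE 0xA5  /* constructed marker standing in for old stack contents */

/* Field-by-field translation: touches only the six named members. */
static void translate(const struct native_info *in, struct compat_info *out)
{
    out->signo = in->signo;
    out->err = 0;
    out->code = in->code;
    out->pid = in->pid;
    out->uid = in->uid;
    out->status = in->status;
}

/* Returns how many stale bytes reach the "user" buffer. */
static size_t leaked_bytes(int zero_first)
{
    struct native_info in = { 17, 1, 4242, 1001, 0 };  /* constructed values */
    struct compat_info out;
    unsigned char user[sizeof out];
    size_t i, n = 0;

    memset(&out, STALE, sizeof out);      /* simulate a reused stack slot */
    if (zero_first)
        memset(&out, 0, sizeof out);      /* the fix: zero before filling */
    translate(&in, &out);
    memcpy(user, &out, sizeof out);       /* stands in for the copy to user space */
    for (i = 0; i < sizeof user; i++)
        n += (user[i] == STALE);
    return n;
}

int main(void)
{
    printf("without zeroing: %zu stale bytes\n", leaked_bytes(0));
    printf("with zeroing:    %zu stale bytes\n", leaked_bytes(1));
    return 0;
}
```

Copying the whole struct out by `sizeof` is what exposes the unwritten tail; zeroing the destination before translation covers every member and any padding, whichever fields the translation assigns.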

References

CVE Name CVE-2026-49424
FreeBSD Advisory SA-26:47.linux