FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- Incorrect audit records for ptrace(2) syscall requests

Affected packages
15.1 <= FreeBSD-kernel < 15.1_1
15.0 <= FreeBSD-kernel < 15.0_11
14.4 <= FreeBSD-kernel < 14.4_7
14.3 <= FreeBSD-kernel < 14.3_16

Details

VuXML ID cd658f09-74e2-11f1-958d-bc241121aa0a
Discovery 2026-06-30
Entry 2026-07-01

Problem Description:

When auditing a system call executed via ptrace(PT_SC_REMOTE), the kernel passed the return value of an internal setup function to AUDIT_SYSCALL_EXIT() rather than the actual result of the executed system call. As a result, committed audit records for system calls which returned an error do not reflect the true outcome of the operation. That is, they indicate that the operation succeeded when it in fact failed.

Impact:

Audit records for system calls executed via ptrace(PT_SC_REMOTE) may show an incorrect error status. An attacker with the ability to debug a process could use this to produce misleading audit trails, potentially undermining audit-based Intrusion Detection Systems (IDS).

References

CVE Name CVE-2026-49426
FreeBSD Advisory SA-26:45.audit