FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- Local privilege escalation via execve()

Affected packages
15.0 <= FreeBSD-kernel < 15.0_7
14.4 <= FreeBSD-kernel < 14.4_3
14.3 <= FreeBSD-kernel < 14.3_12
13.5 <= FreeBSD-kernel < 13.5_13

Details

VuXML ID f528ea29-4434-11f1-bb07-bc241121aa0a
Discovery 2026-04-29
Entry 2026-04-30

Problem Description:

An operator precedence bug in the kernel results in a scenario where a buffer overflow causes attacker-controlled data to overwrite adjacent execve(2) argument buffers.

Impact:

The bug may be exploitable by an unprivileged user to obtain superuser privileges.

References

CVE Name CVE-2026-7270
FreeBSD Advisory SA-26:13.exec

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.