Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Security issues that affect the FreeBSD operating system or applications in the FreeBSD Ports Collection are documented using the Vulnerabilities and Exposures Markup Language (VuXML). The current VuXML document that serves as the source for the content of this site can be found:

Please report security issues to the FreeBSD Security Team at . Full contact details, including information handling policies and PGP key, can be found on the FreeBSD Security page.


Entered Topic
2018-09-12 FreeBSD -- Improper ELF header parsing
2018-08-22 FreeBSD -- L1 Terminal Fault (L1TF) Kernel Information Disclosure
FreeBSD -- Resource exhaustion in IP fragment reassembly
2018-08-06 FreeBSD -- Resource exhaustion in TCP reassembly
2018-06-21 FreeBSD -- Lazy FPU State Restore Information Disclosure
2018-05-08 FreeBSD -- Mishandling of x86 debug exceptions
2018-04-05 FreeBSD -- ipsec crash or denial of service
FreeBSD -- vt console memory disclosure
2018-03-14 FreeBSD -- ipsec validation and use-after-free
FreeBSD -- Speculative Execution Vulnerabilities
2017-12-06 FreeBSD -- Information leak in kldstat(2)
FreeBSD -- Kernel data leak via ptrace(PT_LWPINFO)
FreeBSD -- POSIX shm allows jails to access global namespace
2017-05-26 FreeBSD -- ipfilter(4) fragment handling panic
2016-10-25 FreeBSD -- bhyve - privilege escalation vulnerability
2016-08-11 FreeBSD -- Buffer overflow in keyboard driver
FreeBSD -- Deadlock in the NFS server
FreeBSD -- Denial of Service in TCP packet processing
FreeBSD -- Denial of Service with IPv6 Router Advertisements
FreeBSD -- Incorrect argument handling in sendmsg(2)
FreeBSD -- Incorrect argument validation in sysarch(2)
FreeBSD -- Integer overflow in IGMP protocol
FreeBSD -- Kernel memory disclosure in control messages and SCTP
FreeBSD -- Kernel stack disclosure in 4.3BSD compatibility layer
FreeBSD -- Kernel stack disclosure in Linux compatibility layer
FreeBSD -- Kernel stack disclosure in setlogin(2) / getlogin(2)
FreeBSD -- ktrace kernel memory disclosure
FreeBSD -- Linux compatibility layer incorrect futex handling
FreeBSD -- Linux compatibility layer issetugid(2) system call
FreeBSD -- Linux compatibility layer setgroups(2) system call
FreeBSD -- Local privilege escalation in IRET handler
FreeBSD -- memory leak in sandboxed namei lookup
FreeBSD -- Resource exhaustion due to sessions stuck in LAST_ACK state
FreeBSD -- Resource exhaustion in TCP reassembly
FreeBSD -- SCTP ICMPv6 error message vulnerability
FreeBSD -- SCTP SCTP_SS_VALUE kernel memory corruption and disclosure
FreeBSD -- SCTP stream reset vulnerability
FreeBSD -- TCP MD5 signature denial of service
FreeBSD -- TCP reassembly vulnerability
2016-08-09 FreeBSD -- Incorrect privilege validation in the NFS server
FreeBSD -- integer overflow in IP_MSFILTER
FreeBSD -- Kernel memory disclosure in sctp(4)