FreeBSD Stack Buffer Overflow Vulnerability in setcred System Call Allows Privilege Escalation

A stack buffer overflow vulnerability has been identified in the setcred system call on FreeBSD. This issue affects all supported versions of FreeBSD. The vulnerability arises because the system call, which is intended for privileged users, copies a user-supplied list of supplementary groups into a fixed-size kernel stack buffer without validating the length of the list first. This oversight allows an unprivileged local user to exploit the overflow, potentially leading to arbitrary code execution in the kernel context and unauthorized elevation of privileges.

Impact

Exploitation of this vulnerability could allow an unprivileged local user to execute arbitrary code in the kernel, resulting in unauthorized privilege escalation on the affected system.

Remediation

Users can upgrade to a supported FreeBSD stable or release branch dated after the correction date. For systems running FreeBSD 15.0-RELEASE on amd64 or arm64, the update can be performed using the pkg utility. For FreeBSD 14.x, the update can be applied via the freebsd-update utility. Instructions for applying the update via source code patches are also available.