FreeBSD
cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*
- <= 15.0-RELEASE
- <= 14.4-RELEASE
- <= 14.3-RELEASE
A vulnerability exists in the PT_SC_REMOTE operation of the ptrace system call, across all supported FreeBSD versions. ptrace fails to properly validate parameters for certain meta-system calls, which allows an unprivileged local user to execute arbitrary code in the kernel. This could lead to unauthorized privilege escalation and potentially full control over the affected system.
Exploitation of this vulnerability allows an unprivileged local user to escalate privileges, with the potential to gain full control of the affected system.
Users can upgrade to a supported FreeBSD stable or release branch dated after the correction date and reboot the system. Instructions for updating via the pkg utility, freebsd-update utility, or by applying a source code patch are available in the FreeBSD Security Advisory FreeBSD-SA-26:21.ptrace.