FreeBSD
cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*
- 15.0
A denial-of-service vulnerability has been identified in the NVMe over Fabrics (nvmf) module of FreeBSD 15.0. When an NVMe/TCP target is exposed, a remote client can cause a kernel panic by sending a CONNECT command for an I/O queue with an invalid or outdated CNTLID. The result is an unauthenticated denial-of-service condition on the affected system.
Exploitation of this vulnerability causes a kernel panic, leading to a system crash.
Users can upgrade to a supported FreeBSD stable or release/security branch dated after the correction date. For systems running FreeBSD 15.0-RELEASE on amd64 or arm64, installed via base system packages, the update can be performed using the pkg utility. For those not using base system packages, the freebsd-update utility can be used. Instructions for applying the update via a source code patch are also available.