FreeBSD
cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*
A buffer overflow vulnerability has been identified in the FreeBSD kernel's execve() system call, which is used to execute programs and pass them arguments and environment variables. The vulnerability arises from an operator precedence error that allows attacker-controlled data to overwrite adjacent buffers containing execve() arguments. As a result, an unprivileged user could exploit this flaw to gain superuser privileges.
Exploitation of this vulnerability could lead to unauthorized access to superuser privileges.
Users can upgrade to a supported FreeBSD stable or release branch dated after the correction date. Instructions for updating via the pkg utility, freebsd-update utility, or by applying a source code patch are available in the FreeBSD Security Advisory FreeBSD-SA-26:13.exec.