[Midnightbsd-cvs] [MidnightBSD/src] 5d203e: ktls: reject shared mbufs on receive decrypt
Lucas Holt
noreply at github.com
Wed Jun 10 19:16:17 EDT 2026
Branch: refs/heads/stable/4.1
Home: https://github.com/MidnightBSD/src
Commit: 5d203ec2e926139575890e0420e8cf202af12be6
https://github.com/MidnightBSD/src/commit/5d203ec2e926139575890e0420e8cf202af12be6
Author: Lucas Holt <luke at foolishgames.com>
Date: 2026-06-10 (Wed, 10 Jun 2026)
Changed paths:
M sys/kern/uipc_ktls.c
M tests/sys/kern/ktls_test.c
Log Message:
-----------
ktls: reject shared mbufs on receive decrypt
Avoid decrypting KTLS receive records in place when the detached record contains non-anonymous M_EXTPG pages or sendfile EXT_SFBUF mbufs. Those buffers may reference file-backed memory and must not be modified by the receive path.
CVE-2026-45257
AI-Assisted-by: OpenAI Codex
Signed-off-by: Lucas Holt <luke at foolishgames.com>
Commit: ded4930d72e8f69804eb6e119982bd255e420537
https://github.com/MidnightBSD/src/commit/ded4930d72e8f69804eb6e119982bd255e420537
Author: Lucas Holt <luke at foolishgames.com>
Date: 2026-06-10 (Wed, 10 Jun 2026)
Changed paths:
M UPDATING
Log Message:
-----------
UPDATING: note ktls CVE-2026-45257
AI-Assisted-by: OpenAI Codex
Signed-off-by: Lucas Holt <luke at foolishgames.com>
Commit: 117b0dd9ab226990d1f3b7e35ce2cdc7593214e5
https://github.com/MidnightBSD/src/commit/117b0dd9ab226990d1f3b7e35ce2cdc7593214e5
Author: Lucas Holt <luke at foolishgames.com>
Date: 2026-06-10 (Wed, 10 Jun 2026)
Changed paths:
M sys/kern/kern_thr.c
Log Message:
-----------
The missing check allows an unprivileged local user who knows or can guess a
target's process and thread IDs to send any signal to a process they would
not normally be permitted to signal, including processes owned by other
users or by root. The same check enforces jail boundaries, so a jailed
process can signal processes on the host or in other jails. Thread IDs are
allocated globally and sequentially, and so can be discovered by brute force
with no visibility into the target.
An attacker can stop or terminate arbitrary processes, including critical
system daemons, resulting in a Denial of Service (DoS).
Obtained from: FreeBSD
Compare: https://github.com/MidnightBSD/src/compare/f7a71ebde6a1...117b0dd9ab22
To unsubscribe from these emails, change your notification settings at https://github.com/MidnightBSD/src/settings/notifications
More information about the Midnightbsd-cvs
mailing list