Comment by socphoenix
3 days ago
Not sure why this is saying it isn’t patched, they released the notice including fix for 14.4 yesterday?
3 days ago
Not sure why this is saying it isn’t patched, they released the notice including fix for 14.4 yesterday?
Maybe they're not up to snuff on yesterday? They published this yesterday.
> The bug was silently fixed in the main branch on 2025-11-27 (commit 000d5b52c19ff3858a6f0cbb405d47713c4267a4) as a side effect of a broader function refactoring. The fix has not been backported to stable/14 or releng/14.4. FreeBSD 14.4-RELEASE remains vulnerable.
> FreeBSD 15.0 still carries the sizeof(*groups) typo and is therefore vulnerable, but the surrounding code differs enough from 14.4 that the chain primitives developed here do not lift the overflow into a working LPE on that branch. On 15.0 the bug remains a kernel panic triggered by any unprivileged user.