Ryan Austin

**Name of the Vulnerable Software and Affected Versions** FreeBSD versions prior to 15.0-RELEASE-p7 FreeBSD versions prior to 14.4-RELEASE-p3 FreeBSD versions prior to 14.3-RELEASE-p12 FreeBSD versions prior to 13.5-RELEASE-p13 FreeBSD versions from 2013 through 13.4.x **Description** An operator precedence bug in the kernel within the `exec args adjust args()` function leads to a buffer overflow. This allows attacker-controlled data to overwrite adjacent `execve(2)` argument buffers. An unprivileged user can exploit this issue to execute code with kernel privileges and obtain superuser (root) access to the system. **Recommendations** Update to version 15.0-RELEASE-p7. Update to version 14.4-RELEASE-p3. Update to version 14.3-RELEASE-p12. Update to version 13.5-RELEASE-p13. Apply the available patch for versions older than the listed releases.