PT-2026-28219 · Freebsd+1 · Freebsd+2
Nicholas Carlini · Published 2026-03-26 · Updated 2026-06-06 · CVE-2026-4747
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
FreeBSD (affected versions not specified)
Description
A stack overflow exists in the kgssapi.ko kernel module and the librpcgss_sec library during the validation of RPCSEC_GSS data packets. The routine responsible for checking the packet signature copies a portion of the packet into a stack buffer without verifying if the buffer is sufficiently large. This flaw allows a malicious client to trigger a stack overflow without prior authentication.
In the kernel, this can lead to remote code execution if an authenticated user sends packets to the kernel's NFS server while kgssapi.ko is loaded. In userspace, any application that runs an RPC server and has librpcgss_sec loaded is vulnerable to remote code execution from any client capable of sending packets.
Recommendations
As a temporary workaround, consider restricting access to the kernel's NFS server or avoiding the use of the kgssapi.ko module until a patch is applied.
Restrict the use of the librpcgss_sec library in userspace RPC applications to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
RCE
DoS
Stack Overflow
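The description above attributes the flaw to a copy into a stack buffer with no size check. The following is an added illustration, not FreeBSD's code and not part of this entry: a bounds-checked copy of the signed part of an RPC call header (xid through credential, the range RFC 2203 places under the verifier checksum), using the RFC 5531 header layout. The function names and the 128-byte buffer size are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define FIXED_LEN   32u   /* xid, mtype, rpcvers, prog, vers, proc, cred flavor, cred length */
#define MAX_AUTH    400u  /* RFC 5531 upper bound on an opaque_auth body */
#define HDR_BUF_LEN 128u  /* assumed size of the on-stack header buffer */

static uint32_t get_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Copy the signed part of a call header (xid through credential) into out.
 * Returns the byte count to hand to the signature check, or -1 to reject. */
int copy_signed_header(const uint8_t *pkt, size_t pkt_len, uint8_t *out, size_t out_len)
{
    uint32_t cred_len, padded;

    if (pkt_len < FIXED_LEN || out_len < FIXED_LEN)
        return -1;
    cred_len = get_be32(pkt + 28);      /* length field chosen by the sender */
    if (cred_len > MAX_AUTH)
        return -1;
    padded = (cred_len + 3u) & ~3u;     /* XDR pads opaque data to 4 bytes */
    if (padded > out_len - FIXED_LEN)   /* would overrun the destination buffer */
        return -1;
    if (padded > pkt_len - FIXED_LEN)   /* claims more bytes than were received */
        return -1;
    memcpy(out, pkt, FIXED_LEN + padded);
    return (int)(FIXED_LEN + padded);
}

/* Constructed input: a zeroed call header whose credential length field is
 * cred_len, copied into a fixed-size stack buffer as a server routine would. */
int check_constructed(uint32_t cred_len)
{
    uint8_t pkt[FIXED_LEN + MAX_AUTH + 4] = {0};
    uint8_t hdr[HDR_BUF_LEN];

    pkt[28] = (uint8_t)(cred_len >> 24);
    pkt[29] = (uint8_t)(cred_len >> 16);
    pkt[30] = (uint8_t)(cred_len >> 8);
    pkt[31] = (uint8_t)cred_len;
    return copy_signed_header(pkt, sizeof(pkt), hdr, sizeof(hdr));
}
```

A credential that is valid by the protocol limit (up to 400 bytes) can still exceed the destination buffer, so the check against the buffer size is separate from the check against the protocol maximum.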
Weakness Enumeration
Related Identifiers
Affected Products
Freebsd
Kgssapi.Ko
Librpcgss Sec