CVE-2026-3038

Name of the Vulnerable Software and Affected Versions FreeBSD (affected versions not specified)

Description The rtsock msg buffer() function copies sockaddr structures into a sockaddr storage structure on the stack without proper validation of the source sockaddr length. This can lead to a 127-byte stack buffer overflow. The overflow overwrites the stack canary for the rtsock msg buffer() function, causing a kernel panic upon function return. An unprivileged user can crash the kernel by triggering this overflow. While the stack canary provides mitigation, other kernel bugs could potentially allow an attacker to bypass this protection, potentially leading to local privilege escalation.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.