PT-2026-36012 · FreeBSD · FreeBSD

Ryan Austin · Published 2026-04-29 · Updated 2026-06-16 · CVE-2026-7270

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

FreeBSD versions prior to 15.0-RELEASE-p7
FreeBSD versions prior to 14.4-RELEASE-p3
FreeBSD versions prior to 14.3-RELEASE-p12
FreeBSD versions prior to 13.5-RELEASE-p13
FreeBSD versions from 2013 through 13.4.x

Description

An operator precedence bug in the kernel's exec_args_adjust_args() function leads to a buffer overflow. This allows attacker-controlled data to overwrite adjacent execve(2) argument buffers. An unprivileged user can exploit this issue to execute code with kernel privileges and obtain superuser (root) access to the system.

Recommendations

Update to version 15.0-RELEASE-p7.
Update to version 14.4-RELEASE-p3.
Update to version 14.3-RELEASE-p12.
Update to version 13.5-RELEASE-p13.
Apply the available patch for versions older than the listed releases.

Exploit

Fix

LPE


Weakness Enumeration

Related Identifiers

BDU:2026-06463
CVE-2026-7270

Affected Products

FreeBSD