FreeBSD 15.1-RC1 Released: Fixes With Now Seeing More AI-Discovered Security Issues
In addition to the recent influx of Linux security vulnerabilities affecting Linux, FreeBSD has also begun receiving security reports via AI/LLM-driven discovery tools. FreeBSD 15.1-RC1 is out today ahead of the planned official release in June and it brings a handful of security fixes out of this new AI-driven security research space.
FreeBSD 15.1-RC1 ships with security mitigations for security advisories FreeBSD-SA-26:19 through FreeBSD-SA-26:24. AI-driven security research firm Calif.io along with other parties discovered a kernel use-after-free via file descriptor system calls.
Meanwhile others using GLM-5.1 from Z.ai found missing validation in ptrace(PT_SC_REMOTE) that can allow unprivileged local users to escalate privileges to root.
A remote code execution vulnerability via the FreeBSD installer WiFi access point scans was also uncovered. With this, a suitably crafted network name could cause executing commands via sub-shell when scanning for WiFi networks during the bsdinstall and bsdconfig processes.
AISLE Research Team that uses autonomous vulnerability discovery also found a number of FreeBSD security issues. Among the discoveries by the AISLE Research Team this round were a heap overflow in the FUSE file-system code, select(2) file descriptor set overflow causes stack overflow, and incorrect libcap_net limitation list manipulation could extend permissions of the process.
Beyond this increase of security issues now being tackled by FreeBSD developers, FreeBSD 15.1-RC1 also brings improvements to the fwget firmware tool and various small kernel bug fixes and man page updates.
The FreeBSD 15.1-RC1 release announcement can be read on the FreeBSD mailing list. If all goes well FreeBSD 15.1-RELEASE will hopefully be out in June and ideally with not too many more AI-detected security issues uncovered by that point.
FreeBSD 15.1-RC1 ships with security mitigations for security advisories FreeBSD-SA-26:19 through FreeBSD-SA-26:24. AI-driven security research firm Calif.io along with other parties discovered a kernel use-after-free via file descriptor system calls.
Meanwhile others using GLM-5.1 from Z.ai found missing validation in ptrace(PT_SC_REMOTE) that can allow unprivileged local users to escalate privileges to root.
A remote code execution vulnerability via the FreeBSD installer WiFi access point scans was also uncovered. With this, a suitably crafted network name could cause executing commands via sub-shell when scanning for WiFi networks during the bsdinstall and bsdconfig processes.
AISLE Research Team that uses autonomous vulnerability discovery also found a number of FreeBSD security issues. Among the discoveries by the AISLE Research Team this round were a heap overflow in the FUSE file-system code, select(2) file descriptor set overflow causes stack overflow, and incorrect libcap_net limitation list manipulation could extend permissions of the process.
Beyond this increase of security issues now being tackled by FreeBSD developers, FreeBSD 15.1-RC1 also brings improvements to the fwget firmware tool and various small kernel bug fixes and man page updates.
The FreeBSD 15.1-RC1 release announcement can be read on the FreeBSD mailing list. If all goes well FreeBSD 15.1-RELEASE will hopefully be out in June and ideally with not too many more AI-detected security issues uncovered by that point.