FreeBSD 15.1-RC1 is now available, and it brings fixes covered by six critical security advisories (SA-26:19 to SA-26:24) for bugs discovered with the help of artificial intelligence tools. The final stable release is scheduled for June. Among the fixed bugs are a use-after-free in the kernel via file descriptor calls, missing validation in ptrace that allowed privilege escalation to root, and a remote code execution vulnerability in the installer when scanning WiFi networks.
Deep patches and an AI that sniffs bugs 🐛
The most delicate fix is the use-after-free in the file descriptor subsystem, which could be exploited locally to corrupt memory. The ptrace flaw, on the other hand, allowed an unprivileged process to gain full system access. In the bsdinstall installer, a malicious scan of WiFi access points could trigger remote code execution during installation. Mitigations are available in the official patches and in the releng/15.1 branch.
Installer WiFi: now only for hungry hackers 🍔
Having an operating system installer allow remote code execution just by scanning WiFi networks is a classic nobody asked for. It's like asking for your router password when you load the browser. Good thing the AI found the hole before some smart aleck set up an access point called FreeBSD_Update_Fake. Now, we wait until June to see if the installer stops being a minefield.