=============================================================================
FreeBSD-SA-26:46.ktls                                       Security Advisory
                                                          The FreeBSD Project

Topic:          Remote DOS via uninitialized memory access in KTLS receive

Category:       core
Module:         ktls
Announced:      2026-06-30
Credits:        Yuxiang Yang, Yizhou Zhao, Ao Wang, Xuewei Feng, Qi Li, and
                Ke Xu from Tsinghua University using GLM-5.1 from Z.ai
Affects:        All supported versions of FreeBSD.
Corrected:      2026-06-30 17:20:17 UTC (stable/15, 15.1-STABLE)
                2026-06-30 17:22:06 UTC (releng/15.1, 15.1-RELEASE-p1)
                2026-06-30 17:21:33 UTC (releng/15.0, 15.0-RELEASE-p11)
                2026-06-30 17:19:58 UTC (stable/14, 14.4-STABLE)
                2026-06-30 17:21:06 UTC (releng/14.4, 14.4-RELEASE-p7)
                2026-06-30 17:20:39 UTC (releng/14.3, 14.3-RELEASE-p16)
CVE Name:       CVE-2026-49423

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .

I.   Background

Kernel TLS (KTLS) moves Transport Layer Security (TLS) record processing
into the kernel, allowing applications to encrypt and decrypt socket data
without copying it to and from userspace and to serve TLS data with
sendfile(2).

When a connection uses software KTLS on the receive path, the kernel
decrypts each incoming TLS record in place within the socket buffer.

II.  Problem Description

When building the iovec array for a received TLS 1.2 CBC record,
ktls_ocf_tls_cbc_decrypt() incremented the iovec index for every mbuf in
the chain, including mbufs that were skipped because they contained only
TLS header bytes.  This left uninitialized entries in the iovec array.
The iovec array was allocated without zeroing.

III. Impact

A remote TLS peer can cause the kernel to read from uninitialized iovec
entries during HMAC computation, resulting in a kernel panic.  The peer
must be able to control TCP segmentation such that the first mbuf of a CBC
record contains only the 5-byte TLS record header.

IV.  Workaround

Only users running an application which enables receive-side KTLS are
affected.  Systems with the kern.ipc.tls.enable sysctl set to 0 are
unaffected.

The kern.ipc.tls.cbc_enable sysctl prevents applications from using
AES-CBC with KTLS.  Setting it to 0 will prevent applications from
establishing new KTLS sessions using AES-CBC.

V.   Solution

Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date,
and reboot the system.

Perform one of the following:

1) To update your vulnerable system installed from base system packages:

Systems running a 15.0-RELEASE or later version of FreeBSD on the amd64
or arm64 platforms, which were installed using base system packages,
can be updated via the pkg(8) utility:

# pkg upgrade -r FreeBSD-base
# shutdown -r +10min "Rebooting for a security update"

2) To update your vulnerable system installed from binary distribution
sets:

Systems running a RELEASE version of FreeBSD on the amd64 or arm64
platforms which were not installed using base system packages can be
updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install
# shutdown -r +10min "Rebooting for a security update"

3) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch https://security.FreeBSD.org/patches/SA-26:46/ktls.patch
# fetch https://security.FreeBSD.org/patches/SA-26:46/ktls.patch.asc
# gpg --verify ktls.patch.asc

b) Apply the patch.  Execute the following commands as root:

# cd /usr/src
# patch -E -p0 < /path/to/patch

c) Recompile your kernel as described in and reboot the system.

VI.  Correction details

This issue is corrected as of the corresponding Git commit hash in the
following stable and release branches:

Branch/path                             Hash                     Revision
-------------------------------------------------------------------------
stable/15/                              e4e6250999aa    stable/15-n284332
releng/15.1/                            54372e3b56b7  releng/15.1-n283577
releng/15.0/                            5357f822416a  releng/15.0-n281079
stable/14/                              a7787f9f8b8e    stable/14-n274457
releng/14.4/                            5f83a1c159a3  releng/14.4-n273739
releng/14.3/                            f769a69b2da3  releng/14.3-n271539
-------------------------------------------------------------------------

Run the following command to see which files were modified by a
particular commit:

# git show --stat

Or visit the following URL, replacing NNNNNN with the hash:

To determine the commit count in a working tree (for comparison against
nNNNNNN in the table above), run:

# git rev-list --count --first-parent HEAD

VII. References

The latest revision of this advisory is available at
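
The indexing flaw from section II, modeled in userland C as an added
example; it is not FreeBSD kernel code or the committed fix.  struct seg,
both build_iov_* functions, unwritten_slots() and the POISON marker are
hypothetical names, and the sample record is constructed.

```c
#include <stdint.h>
#include <sys/uio.h>

#define TLS_HDR_LEN 5   /* TLS record header size, per the advisory */
#define POISON ((void *)(uintptr_t)0xdeadbeefu) /* marks a never-written slot */

struct seg { unsigned char *data; size_t len; }; /* stand-in for one mbuf */

/* Flawed pattern: the slot index follows the segment index, so a skipped
 * header-only segment leaves iov[i] unwritten but still counted. */
static int build_iov_buggy(const struct seg *s, int nseg, struct iovec *iov)
{
    size_t skip = TLS_HDR_LEN;
    int i;
    for (i = 0; i < nseg; i++) {
        if (s[i].len <= skip) { skip -= s[i].len; continue; }
        iov[i].iov_base = s[i].data + skip;
        iov[i].iov_len = s[i].len - skip;
        skip = 0;
    }
    return i;           /* number of slots the consumer will walk */
}

/* Corrected pattern: a separate output index advances only on a write. */
static int build_iov_fixed(const struct seg *s, int nseg, struct iovec *iov)
{
    size_t skip = TLS_HDR_LEN;
    int i, n = 0;
    for (i = 0; i < nseg; i++) {
        if (s[i].len <= skip) { skip -= s[i].len; continue; }
        iov[n].iov_base = s[i].data + skip;
        iov[n++].iov_len = s[i].len - skip;
        skip = 0;
    }
    return n;
}

/* Splits a constructed 37-byte record into two segments at first_len and
 * returns how many slots handed to the consumer were never written. */
static int unwritten_slots(int fixed, size_t first_len)
{
    unsigned char rec[37] = { 0x17, 0x03, 0x03, 0x00, 0x20 };
    struct seg chain[2] = { { rec, first_len },
                            { rec + first_len, sizeof(rec) - first_len } };
    struct iovec iov[2] = { { POISON, 0 }, { POISON, 0 } };
    int n = fixed ? build_iov_fixed(chain, 2, iov) : build_iov_buggy(chain, 2, iov);
    int bad = 0;
    for (int i = 0; i < n; i++)
        bad += (iov[i].iov_base == POISON);
    return bad;
}
```

In this model the unwritten slot is pre-filled with a marker so the result
is deterministic; in the case the advisory describes the array was not
zeroed, so the slot's contents are whatever the allocation held.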