CVE-2026-45252— FreeBSD 安全漏洞

Heap overflow in FUSE_LISTXATTR

When a fusefs file system implements extended attributes, the kernel may send a FUSE_LISTXATTR message to the userspace daemon to retrieve the list of extended attributes for a given file. The FUSE protocol requires the daemon to return a packed list of NUL-terminated strings. The fusefs kernel module calls strlen() on this daemon-supplied buffer without first verifying that the entire list is NUL-terminated. If a malicious daemon sends a non-NUL-terminated list, the fusefs kernel module may read beyond the end of one heap-allocated buffer and potentially write beyond the end of a second buffer. A malicious daemon could disclose up to 253 bytes of kernel heap memory, or it could inject up to 250 attacker-controlled bytes into unallocated kernel heap space.

N/A

堆缓冲区溢出

FreeBSD 安全漏洞

FreeBSD是FreeBSD基金会的一套类Unix操作系统。 FreeBSD存在安全漏洞，该漏洞源于在处理扩展属性时，内核模块未验证守护进程返回的列表是否以NUL结尾，可能导致越界读取堆分配缓冲区并越界写入第二个缓冲区，恶意守护进程可泄露最多253字节内核堆内存或注入最多250字节攻击者控制的数据到未分配内核堆空间。

N/A

N/A