Severity: Unknown
Affected Package: kernel
Summary: Local DoS and possible privilege escalation via routing sockets
The bug allows an unprivileged user to crash the kernel by triggering a stack buffer overflow in rtsock_msg_buffer(). In particular, the overflow corrupts a stack canary value that is verified when the function returns; this mitigates the impact of the stack overflow by triggering a kernel panic. Other kernel bugs may exist that allow userspace to find the canary value and thus defeat the mitigation, at which point local privilege escalation may be possible.
No specific recommendations provided.
Aliases: CVE-2026-3038
Published: March 16, 2026
Last Modified: March 16, 2026