FreeBSD : FreeBSD -- Jail reference count underflow (a65c31d1-74e0-11f1-958d-bc241121aa0a)

high Nessus Plugin ID 324129

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the a65c31d1-74e0-11f1-958d-bc241121aa0a advisory.

When the JAIL_AT_DESC flag is specified, kern_jail_set() and kern_jail_get() released the reference to the caller's current prison before looking up the jail descriptor. If the descriptor lookup failed, error-handling paths released the same reference a second time.
An unprivileged local user can trigger a prison reference count underflow, which may cause the prison structure to be freed while still in use. When this is done on the jail host, the bug will generally result in an immediate panic. However, if the user is running in a jail, then it may be possible to exploit the bug to elevate privileges.

Tenable has extracted the preceding description block directly from the FreeBSD security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?0353b47d

Plugin Details

Severity: High

ID: 324129

File Name: freebsd_pkg_a65c31d174e011f1958dbc241121aa0a.nasl

Version: 1.1

Type: Local

Published: 7/1/2026

Updated: 7/1/2026

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.9

Percentile: 58.03

CVSS v2

Risk Factor: Medium

Base Score: 5.6

Temporal Score: 4.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:C/A:P

CVSS Score Source: CVE-2026-49419

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:freebsd-kernel, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Settings/ParanoidReport, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Ease: No known exploits are available

Patch Publication Date: 7/1/2026

Vulnerability Publication Date: 7/1/2026

Reference Information

CVE: CVE-2026-49419