1. Forum
  2. FidoNet
  3. comp.unix.bsd.freebsd.ann

  • FreeBSD Errata Notice FreeBSD-EN-26:03.vm

    From FreeBSD Errata Notices@3:633/10 to All on Tuesday, January 27, 2026 23:00:11
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    ============================================================================= FreeBSD-EN-26:03.vm Errata Notice
    The FreeBSD Project

    Topic: The page fault handler fails to zero memory

    Category: core
    Module: vm
    Announced: 2026-01-27
    Affects: All supported versions of FreeBSD.
    Corrected: 2025-12-15 10:37:54 UTC (stable/15, 15.0-STABLE)
    2026-01-27 19:15:47 UTC (releng/15.0, 15.0-RELEASE-p2)
    2025-12-15 10:42:28 UTC (stable/14, 14.3-STABLE)
    2026-01-27 19:16:12 UTC (releng/14.3, 14.3-RELEASE-p8)
    2026-01-26 15:18:32 UTC (stable/13, 13.4-STABLE)
    2026-01-27 19:16:34 UTC (releng/13.5, 13.5-RELEASE-p9)

    For general information regarding FreeBSD Errata Notices and Security Advisories, including descriptions of the fields above, security
    branches, and the following sections, please visit <URL:https://security.FreeBSD.org/>.

    I. Background

    The mmap(2) system call allows applications and system libraries to allocate heap memory using the MAP_ANON flag. The system call allocates virtual memory in the calling thread's address space and physical memory is allocated on demand as page faults occur. Memory allocated this way is guaranteed to be zero-filled.

    II. Problem Description

    Under some conditions, the physical pages allocated and mapped by the kernel may not be zero-filled.

    III. Impact

    This bug has been observed to cause process crashes.

    IV. Workaround

    No workaround is available.

    V. Solution

    Upgrade your system to a supported FreeBSD stable or release / security
    branch (releng) dated after the correction date.

    Perform one of the following:

    1) To update your system via a binary patch:

    Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms, or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8) utility:

    # freebsd-update fetch
    # freebsd-update install
    # shutdown -r now

    2) To update your system via a source code patch:

    The following patches have been verified to apply to the applicable
    FreeBSD release branches.

    a) Download the relevant patch from the location below, and verify the
    detached PGP signature using your PGP utility.

    [FreeBSD 15.0]
    # fetch https://security.FreeBSD.org/patches/EN-26:03/vm-15.patch
    # fetch https://security.FreeBSD.org/patches/EN-26:03/vm-15.patch.asc
    # gpg --verify vm-15.patch.asc

    [FreeBSD 14.3]
    # fetch https://security.FreeBSD.org/patches/EN-26:03/vm-14.patch
    # fetch https://security.FreeBSD.org/patches/EN-26:03/vm-14.patch.asc
    # gpg --verify vm-14.patch.asc

    [FreeBSD 13.5]
    # fetch https://security.FreeBSD.org/patches/EN-26:03/vm-13.patch
    # fetch https://security.FreeBSD.org/patches/EN-26:03/vm-13.patch.asc
    # gpg --verify vm-13.patch.asc

    b) Apply the patch. Execute the following commands as root:

    # cd /usr/src
    # patch < /path/to/patch

    c) Recompile your kernel as described in <URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
    system.

    VI. Correction details

    This issue is corrected as of the corresponding Git commit hash in the following stable and release branches:

    Branch/path Hash Revision
    - ------------------------------------------------------------------------- stable/15/ 3c0942f99209 stable/15-n281508 releng/15.0/ 6e279feb40be releng/15.0-n281002 stable/14/ 99f641267d44 stable/14-n272998 releng/14.3/ de311ee39b3f releng/14.3-n271457 stable/13/ babac9d7bc05 stable/13-n259725 releng/13.5/ 4967e14ba25b releng/13.5-n259188
    - -------------------------------------------------------------------------

    Run the following command to see which files were modified by a
    particular commit:

    # git show --stat <commit hash>

    Or visit the following URL, replacing NNNNNN with the hash:

    <URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>

    To determine the commit count in a working tree (for comparison against
    nNNNNNN in the table above), run:

    # git rev-list --count --first-parent HEAD

    VII. References

    The latest revision of this advisory is available at <URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-26:03.vm.asc> -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAml5NC8ACgkQbljekB8A Gu/4KhAAgF/05mLRDs9wlSC1BrN5xZf6zoFdrsj0BC72miZD1qQXe9VtxzJINMLu b/jbKYT1ILPEXGhHX7epjc4GEM1Eq/kUJnTb35jnkFN63stMn1MX1nqtSNxLzj5f tJcsb2Atp/3EkNMhcFwFmolQ2qSdQG+s7xDZhHI/hNi5CS/8B7W59LZI3tWXJujM AbTiHZZSS68RA/co0lmbDYtLMkFEuQBLdcDAdfOHL5+rV2/QIAVYBdqiynVx+cia iJBbwBuOjiMWSdqP9JiSRnd1HhW3dMUMJTlZFmyGiQNmS+lYE1AgLgPdMPwSReO8 +79yUfIrFUqWpG6lM33a9T/t3jN8ejZsYRO8OFghvtaePJvUm/P6D0n0werR8PaE lI9u7BlBqpX9PJ4FUJmUCHAojqXH6msT2RXLg5GcLhjlApMUi2hAcNuT9tp7/+4A ekc0/sZqJdrcWTmu00w6Tpk9zohW/MX/DHxNEj4SPn5dpjvz9QttaCpNJNyNARuU GdzZc8poPk3mpTcawABAD0LItpW6d2XLUehtgaWRc5mDoKZj5GIfLjDmqIqqxe9k C9e6bhL+1QSZQ2HTTNl8e/xoUX+D2pAiE4GkpRSc6u6ZZ3BOQ+fRwbZlnFSz6diT IIkUddz63TCmxPiiZiJs7XZFZMpx2wJTvuu51hjLs5t6Eswdk20=
    =ecKh
    -----END PGP SIGNATURE-----


    --- PyGate Linux v1.5.6
    * Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)