{"uuid": "d26eabe6-bbcd-4c4a-8064-cc898d189d24", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-7270", "type": "seen", "source": "https://swecyb.com/ap/users/116080658609901341/statuses/116534940626646604", "content": "(calif.io) CVE-2026-7270: Root Privilege Escalation in FreeBSD via Kernel Memory Corruption in execve()\nNew critical LPE in FreeBSD: CVE-2026-7270 enables root access via a one-character error in `execve()` kernel handling. Exploit targets `sshd-session` with `LD_PRELOAD` injection through a race condition.\nIn brief - CVE-2026-7270 is a local privilege escalation flaw in FreeBSD (since 2013) caused by a sign error in `execve()` memory handling. Attackers can corrupt kernel memory during shebang script execution, inject `LD_PRELOAD`, and gain root via `sshd-session`. Affects default installations.\nTechnically - The bug in `sys/kern/kern_exec.c` (`exec_args_adjust_args`) miscalculates `memmove` size (`+ consume` instead of `- consume`), causing a 2,024-byte overflow into an adjacent `exec_map` entry. Exploit preseeds kernel memory at offset 265,166 bytes to replace `sshd-session` environment with `LD_PRELOAD=/tmp/evil.so`. Race condition optimized via fragmented argument strings to slow `execve` calls. Challenges include avoiding `MADV_FREE` under memory pressure and a 3.1% panic risk. PoC achieves root in seconds.\nSource: https://blog.calif.io/p/cve-2026-7270-how-i-get-root-on-freebsd\n#Cybersecurity #ThreatIntel", "creation_timestamp": "2026-05-07T19:29:19.325637Z"}