From nobody Tue Sep 16 17:03:35 2025 X-Original-To: freebsd-errata-notifications@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4cR7X83LT7z67cvT for ; Tue, 16 Sep 2025 17:03:36 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2610:1c1:1:6074::16:84]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "freefall.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4cR7X75xJNz46Hf; Tue, 16 Sep 2025 17:03:35 +0000 (UTC) (envelope-from security-advisories@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1758042215; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc; bh=prh+ceQ95JFmmUijODdX6oo/FadXL8pQfAv5huvK+eA=; b=CWcseLEaZekCeepEAoqNJnauo1wQchfHt2zXR9SRiL83Hq/7XJ1isE3wcUghxnmYQy6UL/ b2BRZ0Jf/yFFINEosttwFV5tpUGC+wjJq+fUFRj1W58c1qjItBtoK5rfdCNTvFQl8+uuPC cjEUVdY/DL4Nr7V5Vb979rHVQIMll0EVXSzHxim3Dp9pZJCMaxlp+XTs6XDbHn6QSL5gYh EyAs+BFI6MGKWuOqDwfujlQZ2uOiSHaihCd46WUbQ5I14XREWMDRYN+LCGcheB84H0eJVH IMg9sYTk1C+rgTId7i0AjevPo4Zne55TBtOCOlO6eWJGaFBVjDirkZdygX6VQw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1758042215; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc; bh=prh+ceQ95JFmmUijODdX6oo/FadXL8pQfAv5huvK+eA=; b=ZYmZpS/z4sb7ZkNhvKY3jPim3u+/z38YgLPcAUZCre0VnC3lEK7DKeETMpIX5zdSopextU GyICPGqyDX0kIOOpEfoY6fSw2isJLb5K+LRLmCzUcq71hx57Gpua2HDd+9AuJqzpKEUdSk pdDHRQxVuJJi+bi67UoedrkpzQqUYBPoZHMo43uf4u3zE9oqeaDAcZNXmdCS4PFfnFvhwZ FdQT3YQFcNUYLJdTG4RmFmkXY7RGh9Vm//ZWja6eKBGaCD/X9RPZ7pqW/6pWsrjMnxl9BK srPbDkUBnTo/KhnF/D38LiOuLVVM8a0/bxg+2+Br7LNIlb6Rdq3dJpjTGAoboA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1758042215; a=rsa-sha256; cv=none; b=LWpH67MUgFBlkxtUe8J/HRXHEqaRKfY29tgQXaGm4KB7wCdYUHJ+KIJAO4Hr/gMAOWp/5V rYhFaiM8Soa3KjCcM8kA/P6MeMA0mt1A3P/R4qfJ62tSMKz2gwH5NMEOOoJSD3Yc/3LWet 7WJ7l6QPkpkVKfA0q/l25x55EoEljDfSL0Nr08wiK4xXD7ea7GX00dlX4CknGltNdvtWkQ dx996rCzhUlbjfESlaDp5xhqAepMb1gcqgWVLs3p/GoB7Viu4QaOHUgZ/Rb27ISP+68yTJ eZ4mR3K4fX92t2589uDTio/PXIY5GFl6btacnya5Wnu/PhkKqydVNsq7UHrH/w== ARC-Authentication-Results: i=1; mx1.freebsd.org; none Received: by freefall.freebsd.org (Postfix, from userid 945) id B52EC58E; Tue, 16 Sep 2025 17:03:35 +0000 (-00) From: FreeBSD Errata Notices To: FreeBSD Errata Notices Subject: FreeBSD Errata Notice FreeBSD-EN-25:15.arm64 Reply-To: freebsd-stable@freebsd.org Precedence: bulk Message-Id: <20250916170335.B52EC58E@freefall.freebsd.org> Date: Tue, 16 Sep 2025 17:03:35 +0000 (-00) List-Id: Moderated Errata Notifications [moderated, low volume] List-Archive: https://lists.freebsd.org/archives/freebsd-errata-notifications List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-errata-notifications@freebsd.org X-BeenThere: freebsd-errata-notifications@freebsd.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-EN-25:15.arm64 Errata Notice The FreeBSD Project Topic: arm64 syscall(2) allows unprivileged user to panic kernel Category: core Module: arm64 Announced: 2025-09-16 Credits: Juniper Networks, Inc. Affects: All supported versions of FreeBSD. Corrected: 2025-08-25 15:23:01 UTC (stable/14, 14.3-STABLE) 2025-09-16 16:31:06 UTC (releng/14.3, 14.3-RELEASE-p3) 2025-09-16 16:31:17 UTC (releng/14.2, 14.2-RELEASE-p6) 2025-08-25 15:23:22 UTC (stable/13, 13.5-STABLE) 2025-09-16 16:31:26 UTC (releng/13.5, 13.5-RELEASE-p4) For general information regarding FreeBSD Errata Notices and Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background The FreeBSD arm64 kernel implements a 32-bit compatibility layer, enabling execution of unmodified 32-bit arm binaries on a 64-bit system. FreeBSD implements a pseudo system call, syscall(2), which lets the caller invoke a system call selected using the first system call argument. II. Problem Description The 32-bit compatibility layer implements syscall(2). It performs some validation of the system call parameters and explicitly calls panic() to panic the system if an unexpected state is reached. It is possible to construct a program which can reach this unexpected state, resulting in a panic. In particular, no particular privileges are required to do so. III. Impact An unprivileged user may be able to trigger a panic. IV. Workaround No workaround is available. Non-arm64 platforms are unaffected. V. Solution Upgrade your system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. Perform one of the following: 1) To update your system via a binary patch: Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms, or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install # shutdown -r +10min "Rebooting for a security update" 2) To update your system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch https://security.FreeBSD.org/patches/EN-25:15/arm64.patch # fetch https://security.FreeBSD.org/patches/EN-25:15/arm64.patch.asc # gpg --verify arm64.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in and reboot the system. VI. Correction details This issue is corrected as of the corresponding Git commit hash in the following stable and release branches: Branch/path Hash Revision - ------------------------------------------------------------------------- stable/14/ 17d87881a363 stable/14-n272249 releng/14.3/ 99012995b4c6 releng/14.3-n271440 releng/14.2/ 722746b39e6e releng/14.2-n269534 stable/13/ 98ac13c4baf5 stable/13-n259404 releng/13.5/ 751971e55454 releng/13.5-n259175 - ------------------------------------------------------------------------- Run the following command to see which files were modified by a particular commit: # git show --stat Or visit the following URL, replacing NNNNNN with the hash: To determine the commit count in a working tree (for comparison against nNNNNNN in the table above), run: # git rev-list --count --first-parent HEAD VII. References The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmjJlBEACgkQbljekB8A Gu+13w//fHfH1hAOg+FGwV3ZoMh2oEVd+VmkLg/CdghL9T+dGwqzIMOliXMKhaZq Nzk++lmKlzdpuDEqaw1ikj+bJ+knhrZyAziTlxpB2uly6K119hchAU5TQK2M6D4W 8aQWxeJMPxobsfxi9JciVMWcQK9XsurwUzlCDuLvGgUMPPaMVdy89U86NnKo66eE fjK2l1Mc730wtisTuTLkY1SHPBchvm20ehu8BVpx4eBEHnecqRaUxQHy2yxTi+/0 IKrwnpvz8S7/QLcED6TSCKsuLDY/uOx8x6N9PlHHvcLay/ImyvhTPavREld/b3nM YC8fFb7bjguPZCC222nr/J+/YkD+2+EqVHPOAq7HxVT0uqss7BL9qwIywg0CIhvT G3fw121L7cwXI/f/Hw6coVTFHnNXUB48FyIFkEXPdMxrNBUSE/KejYjkkJ2YaRir kXZboMMOoxIf0NPNmv78v+PBj3jpbPP2epjhIk0I5D6uNzdjXEqRlRNgBhqc01Qn veu+1tEox5Y0Zp4Mum0EipuTaZMjeT4hwmt9zwogsYEZFnyIvilzIOc3zEFRB4Y2 IB1EUkw49V/zzHn5KnVujaUiVOdVUxe6G8txFcPIT66mPdJZmKO1fbD3pR/0NDj6 Smj07jNL8PskCLuoe0MmMFiNJI3CHTh+6Ly39j5UpnSsPCPRTyM= =58zg -----END PGP SIGNATURE----- From nobody Tue Sep 16 17:03:41 2025 X-Original-To: freebsd-errata-notifications@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4cR7XG3FDXz67cXG for ; Tue, 16 Sep 2025 17:03:42 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [96.47.72.132]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "freefall.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4cR7XF5TFTz466d; Tue, 16 Sep 2025 17:03:41 +0000 (UTC) (envelope-from security-advisories@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1758042221; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc; bh=mRqHICXAR1PoGfhn5ESIorMpzHNNMdufVizSSsYeSt0=; b=dh16kPYvRidpg0Ue9RaH6Wu82aQFMuEsAC+2MKjDbDMUSCiD0MqQ33vclRAK1UKO6vujV0 LtazkcOlq2pWcXtz5A0XvpbxJt8YbNOM6DA2m72n7j4ZmR9s2aiwqO4x7+gpBGblxGUntK oIffHDD0AL8NCe8DKo9zM5E3e8Ov2VqWe4L4RYY7CI9nx8sAZ7y9BQYJgGwIsgEyRWjb4V onnZuadbN3p2qxqN1MbDO7KAAjhDfRCqX5vTlWqQFcySwi8YkGiVDd1amcmb6xpIQ3WZBk 7++c+Ix7mISvNtjLGzAg/rsyK4aV+Xeap1SUkZmuSaB4NvcOhv91Jw4+rVkUiQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1758042221; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc; bh=mRqHICXAR1PoGfhn5ESIorMpzHNNMdufVizSSsYeSt0=; b=Xg0WAGE2kBp9uXruXpbWC66W1KOjb2With8TY+PsZcxlNbcksd96PhEDt8vHbPA8ZY5fGj iPEXrUgotYvX/Ssu8tqH44fO8EHGcuyS+U/6ZvVgOOGk46fW7pHE6zdPSZ6jMTTITEd0cZ cCbjQtjlPtkEFIzznmts1FYF1Q19VPqZjVqzP9PAESBHTPVml4M1f1F4fDLUYnXY77KeIx 5UuFQ8ZEc9aRdBjWjLTUCrzbgNl9/KJA909zEoyBH/dCtP9iutzTtO1xHws1spqDMhDSBH dJvnTmx07slNfJR1azT/FyOXLv/HIrg8WB72NzJnzXM/4mt5+gqP2+xhHJe6jA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1758042221; a=rsa-sha256; cv=none; b=E8blH6z/ZCskJySs2bE/dh3lxKQpSyAqZKG18D/tS9Dfh8vsXmRfHy1YV0R5sk1fnr6+sm EZCx0O8sgWXJbfu5LrHZhJ5mV5dufrqKV1fwlHzEsNO2Pxu1nrWFemwKZE6pdDfi2XSSL0 G6+xT5IBgeUyr+MQX70UppXKsheJd94pjjiKFjm3Cvj0TogAS3UI8cfT8bdstiORTNWEz3 b2Td/qwsX+ggV0noqg5+Jkh4uxCkhckk84XgXFVPs1oXkvRgFdT1JFM5H47gdn++2aCdYe pmVR14yr2rJQaTs5wDMcvXVzvzPm8ta9Q+TDPXDfdzGDKoTAdDjQEegkAEiqkg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none Received: by freefall.freebsd.org (Postfix, from userid 945) id A5384510; Tue, 16 Sep 2025 17:03:41 +0000 (-00) From: FreeBSD Errata Notices To: FreeBSD Errata Notices Subject: FreeBSD Errata Notice FreeBSD-EN-25:16.vfs Reply-To: freebsd-stable@freebsd.org Precedence: bulk Message-Id: <20250916170341.A5384510@freefall.freebsd.org> Date: Tue, 16 Sep 2025 17:03:41 +0000 (-00) List-Id: Moderated Errata Notifications [moderated, low volume] List-Archive: https://lists.freebsd.org/archives/freebsd-errata-notifications List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-errata-notifications@freebsd.org X-BeenThere: freebsd-errata-notifications@freebsd.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-EN-25:16.vfs Errata Notice The FreeBSD Project Topic: copy_file_range(2) fails to set output parameters Category: core Module: vfs Announced: 2025-09-16 Affects: FreeBSD 14.3 Corrected: 2025-08-23 21:25:20 UTC (stable/14, 14.3-STABLE) 2025-09-16 16:31:07 UTC (releng/14.3, 14.3-RELEASE-p3) For general information regarding FreeBSD Errata Notices and Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background copy_file_range(2) is a system call which takes two file descriptors as input and copies data from one file to the other. II. Problem Description The copy_file_range(2) system call accepts two optional pointer arguments, inoffp and outoffp. When non-NULL, the kernel is to use their values to determine the starting offsets for the input and output files, respectively. In this case, the seek offset corresponding to the file descriptor is not used or updated. When finishing the copy, the kernel is supposed to write updated offsets to the pointed-to values. However, it does not do so. III. Impact Applications which rely on this behaviour may behave incorrectly. No such applications exist in the base system. IV. Workaround No workaround is available. V. Solution Upgrade your system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. Perform one of the following: 1) To update your system via a binary patch: Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms, or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install # shutdown -r now 2) To update your system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch https://security.FreeBSD.org/patches/EN-25:16/vfs.patch # fetch https://security.FreeBSD.org/patches/EN-25:16/vfs.patch.asc # gpg --verify vfs.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in and reboot the system. VI. Correction details This issue is corrected as of the corresponding Git commit hash in the following stable and release branches: Branch/path Hash Revision - ------------------------------------------------------------------------- stable/14/ 2fd0083fcc23 stable/14-n272229 releng/14.3/ d1e981cbf3bd releng/14.3-n271441 - ------------------------------------------------------------------------- Run the following command to see which files were modified by a particular commit: # git show --stat Or visit the following URL, replacing NNNNNN with the hash: To determine the commit count in a working tree (for comparison against nNNNNNN in the table above), run: # git rev-list --count --first-parent HEAD VII. References The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmjJlBMACgkQbljekB8A Gu8ZLxAAql8vK7+rcHUDI0gKQu9TC2jlNC7EZcDwMupCnbjXFv8mSbC48XWeXUYk j6DLDK8BWGOs4+1xftFlHCgu4yPLm7YhcgiUIhqlViAhNBfwIH9YDP/3heYEkvBn Ns6sh/jtRkB3t+j1fbrcMFZZT2G1plCr4GTZS1fEE+YXQ6NNwo90liSi5dDh2m2Y 1OvLjdRwVj/BzVNqygiVJGXkof2SS3KsoVMv8CsoBZnSgvXyIPjgBhqJIjzh6my7 BqRmylf+8tZXAKCR0Ylp6qFdI1gEcxWNXyadfUuigAoQFiAFSOX/T1NYYtpK7koH IROnhKxU6TKj1EhvPrV40I+vdwBYczTZlXIFRrQw0CI7sDIus53T94rmUaqwfY+L 0yiW7gnqwujzaFkv6u9biAoVvm0FHuqq+tsOeB5k344nQ5BrbzMKVatPw2J3HG53 alalSlMQzgKZYfCkQPemzusVJIlkazJ5r2kMeHzKukfMtjCLyOP+K/evo+Y0HCHh eOwNoRLNdLra92GGlk643bKBx8pbC4J+FYXq7/+/MHQkAFX8GWZ5XoMjqIaq/e1r poa72xNwSFrPLbbWkBXf/kknifVv98/VPRE4guzgwNjBo5wVUNzRhhVUsSmzEHPe 3ris0e+OD+te5gqfp5+cKaQS7RUXItXtGO/FzJHl+mmkEfrkD9I= =q5E4 -----END PGP SIGNATURE----- From nobody Tue Sep 16 17:03:46 2025 X-Original-To: freebsd-errata-notifications@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4cR7XM2FhYz67d8w for ; Tue, 16 Sep 2025 17:03:47 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [96.47.72.132]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "freefall.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4cR7XL6ztxz46pk; Tue, 16 Sep 2025 17:03:46 +0000 (UTC) (envelope-from security-advisories@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1758042227; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc; bh=N9OVnvF1/iOiGYDgAnmApGojcyynCzxtMuuKSdSUrYQ=; b=jxcANdTUiWYPDFLmR8SwKJVTd5nAIMYHXMCauNrvrrP80CleASNASTXXbcW2Z8eOsn50Sl wogb0wKcVQvldFxdIVvP6PpcNJAI54ESlkHUXggeiCRnfpCygj88+tHhskySNROZvfXRKR 0SCTKmGNY/FQ3qVOqktw0dQZxH/1y8vWFOgWUrNu6kP2w9QLgQbA5OEQG6UeQ3PI4SsJiW P87d/EVfgl1bjhfhqSv5v38kd05Xp2VuU/S5Js3c+GUuZMXiu6B9hTtK/x2sT0RDzED0v0 YPi+NafObV1/bVTAxoacWrah4hKljiMVaIhgXRly5X53DGEh8gwCP5xvL2t/GQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1758042227; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc; bh=N9OVnvF1/iOiGYDgAnmApGojcyynCzxtMuuKSdSUrYQ=; b=ekUHMNAGg6Q3v8E8IJkfioZdYbiYTADm23zXfwTjf+IKchceiTVyzoPc+IDBVFLNbZ1f/v SnPMReDN+2GRJuDwrMSlU5/9nQnvL/ETzp7KwzWcfNiJY++of2EA3NXEK+SKtpb+X/64K3 zXZH4i+uhVuOaj59c6L8q7PA1fm4PUZe+2dvbp0lx3OqPYk2dMDvyFnF+BR19v2I/xXOKR aZHQUS2JX/zHKaAzNMxPt8NC4c5XPhKaep/U8XDjQe1U7NnaXWjzERSZ28i7B4gjQkVPqK NxI2FApKwicQpMsT/vXQ26yDqTPl4FoIbPptBXKFHfB7+v3PxIOjdwo0QgKD4Q== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1758042227; a=rsa-sha256; cv=none; b=CDOt27gQnkSxbNfTOEf4Zvj3KiyWHf5w+0rSy2jaS0iXs9CBGsFRrFFOfnWIloKSEZ0p8m 4aMncxnAOVecEkJ8iOaukXmx/CROQJLyPNItsQE+p934OIUYK7IT6TgMpuHOw+neiG3Hww Jqs9+L7e/ddb4E1X0hJcEK84r2/YGTYVvLGXBYFFjGFNZW2JXRZZLdWYRQ1lJvWu786AgQ CU+fwAbTCw1X/YiPFeiIninBpf2sgzBT5sGmQ5SOmZWZG4/0w4T/3pGIV+p8HVA/MNi4f4 eL0YgbVImXCCz0sDRStKac+rmXrTr6rAIUbMKF3Ns4Rj9WXfEEY48KHDpVzEuA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none Received: by freefall.freebsd.org (Postfix, from userid 945) id BC3EE58F; Tue, 16 Sep 2025 17:03:46 +0000 (-00) From: FreeBSD Errata Notices To: FreeBSD Errata Notices Subject: FreeBSD Errata Notice FreeBSD-EN-25:17.bnxt Reply-To: freebsd-stable@freebsd.org Precedence: bulk Message-Id: <20250916170346.BC3EE58F@freefall.freebsd.org> Date: Tue, 16 Sep 2025 17:03:46 +0000 (-00) List-Id: Moderated Errata Notifications [moderated, low volume] List-Archive: https://lists.freebsd.org/archives/freebsd-errata-notifications List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-errata-notifications@freebsd.org X-BeenThere: freebsd-errata-notifications@freebsd.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-EN-25:17.bnxt Errata Notice The FreeBSD Project Topic: bnxt(4) fails to set media type in some cases Category: core Module: bnxt Announced: 2025-09-16 Affects: FreeBSD 14.3 Corrected: 2025-06-22 07:18:55 UTC (stable/14, 14.3-STABLE) 2025-09-16 16:31:08 UTC (releng/14.3, 14.3-RELEASE-p3) For general information regarding FreeBSD Errata Notices and Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background The bnxt(4) driver provides support for Broadcom NetXtreme-C/NetXtreme-E Family of Ethernet controllers. A key function of the driver is to report the various supported physical media types and operational modes (e.g., 1000base-T, 40GBASE-AOC, full-duplex, autoselect) to the operating system's ifmedia interface. This allows network administrators to view and configure the interface link settings. II. Problem Description A logic error was introduced into the bnxt(4) driver which prevented the proper population of the supported media list for several physical connection types. Inside the function responsible for building this list, a switch statement incorrectly used return statements instead of break statements. This caused the function to exit prematurely after identifying certain media types, including common BASE-T (copper), 40G Active Optical Cable (AOC), and 1G-CX connections, before the corresponding speed and duplex options could be registered with the network subsystem. III. Impact For network controllers using the affected media types, the driver fails to advertise any supported link modes. An administrator running ifconfig(8) on the interface would see incorrect media (unknown). Because of this, the network interface may be unable to establish a link, as the operating system cannot properly configure it or initiate auto-negotiation. The network port will be unusable. IV. Workaround No workaround is available. Only systems that uses bnxt(4) device with the affected media types are affected. V. Solution Upgrade your system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. Perform one of the following: 1) To update your system via a binary patch: Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms, or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install # shutdown -r now 2) To update your system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch https://security.FreeBSD.org/patches/EN-25:17/bnxt.patch # fetch https://security.FreeBSD.org/patches/EN-25:17/bnxt.patch.asc # gpg --verify bnxt.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in and reboot the system. VI. Correction details This issue is corrected as of the corresponding Git commit hash in the following stable and release branches: Branch/path Hash Revision - ------------------------------------------------------------------------- stable/14/ 33f65f12eba1 stable/14-n271757 releng/14.3/ c07b1838f9c9 releng/14.3-n271442 - ------------------------------------------------------------------------- Run the following command to see which files were modified by a particular commit: # git show --stat Or visit the following URL, replacing NNNNNN with the hash: To determine the commit count in a working tree (for comparison against nNNNNNN in the table above), run: # git rev-list --count --first-parent HEAD VII. References The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmjJlBUACgkQbljekB8A Gu//GBAAu3k3rFlqFKbSgq38xldf8fFngj/IuLa4BjB2lcTa7Rpy+6vxlFxXyqVk 9VVXf+tkXNhQ5ngY52SqMDdlG0OQdr+rwPcB8bI2nw+1DW1FRMVvBN7PlJrGgs2N OtE6I4Wy+IK7vyzEgs8P3Kq3U7oXQVz/jJ3n1DmmjxlKfNqlo3eOGDlNZgTdFF2h NbZUW4CGZTQxV4Ihq7Zg99bJw38o6WkOjkBkd7/djQfLm9aufVoWPN7SDaVnDun0 vtWTTXrxsmPfVZB0sxdhYLjKPX+4GdVype0k3A26K50dTNVh5GAhWzH1LqFS6BR4 DveE4/02bjaTAqK1XW+08JoGqibzmOTt8mUOlKL1aomACgmFc2Lzj33Qd6z1JdJB 6XYTcAoi2Kz94VHBMYjgWOBjiw66YryEyNpHJkFCfWnA3jgZB9TKZn2FZPxGBbvM 6an5ZcjaKHv1X+en2Fh8Ri1Hq4CKN/SmI/Sp0B28hXv8MQCNOnTqxqgdKgg2xQnD 0BasLt7y8y4rAHed+znWW1gRHWLP9q4FLqdvargtdMO81N2n/fm8jKe+SD2YNfTQ Nvs29hRzs/thxI1gJMhDmmHkprGOyy6fzdZLtUjqhPh2l/YvHq32i/iNKpVfCy5v hHpd38wxOpTs5nk4qbVZlS2DgRuTSO/VU0IMphaIwBhwHkZaoWY= =jvzm -----END PGP SIGNATURE-----