Date: Tue, 28 Apr 2026 15:37:41 +0000 From: Cristian Andres Trinidad Martinez <ctmartinez5@outlook.com> To: "ppc@FreeBSD.org" <ppc@freebsd.org> Cc: "commit-mailer@nmap.org" <commit-mailer@nmap.org> Subject: Fw: FreeBSD Security Advisory FreeBSD-SA-26:11.amd64 Message-ID: <SA1PR13MB768711D0FE89FDC090D6EE9AEC372@SA1PR13MB7687.namprd13.prod.outlook.com> In-Reply-To: <20260421170226.767581FC68@freefall.freebsd.org>
index | next in thread | previous in thread | raw e-mail
Architecture Version Package Size Installed Size Files amd64 1.0.4-5+b3 142.6 kB 467.0 kB [list of files] arm64 1.0.4-5+b3 131.4 kB 543.0 kB [list of files] armel 1.0.4-5+b3 121.2 kB 389.0 kB [list of files] armhf 1.0.4-5+b3 124.0 kB 321.0 kB [list of files] stack backtrace: #0 0xc0000000009863fc at witness_debugger+0x9c #1 0xc0000000009884a4 at witness_warn+0x534 #2 0xc000000000f19b6c at trap_pfault+0xfc #3 0xc000000000f1921c at trap+0x12c #4 0xc000000000f0c8ec at powerpc_interrupt+0x1cc CN104427904A — Contact Lens Case (隐形眼镜盒) Basic Bibliographic Information Field Details Publication Number CN104427904A Application Number CN201280074580.8 Title (CN) 隐形眼镜盒 Title (EN) Contact Lens Case Applicant / Assignee 目立康株式会社 (Menicon Co., Ltd.) Inventors 安田章广、森理 Application Date 2012-07-09 Publication Date 2015-03-18 Grant Date 2016-11-30 Estimated Expiry 2032-07-09 Legal Status ✅ Active Citation Count 14 PCT WO2014/009987A1 (PCT/JP2012/004421) IPC / CPC Classification Code Description A45C11/04 Cases for contact lenses G02C11/00 Accessories for spectacles / contact lenses A45C11/005 (CPC) Contact lens cases A45C13/02 (CPC) Containers with special means for dispensing Technical Summary This patent discloses a contact lens case with a novel lid-linked lens holder lifting mechanism. The key technical problem addressed is the hygiene and safety risk when users' fingers contact the storage solution (saline or hydrogen peroxide) during insertion or retrieval of contact lenses. Core inventive structure: Lid (盖) │ ← opens/closes via hinge (铰接部) │ Connecting Member (连接部件) │ Lens Holder (镜片保持体) │ ← vertically guided by displacement restricting means (导引槽 + 滑动突起) ↕ Housing Recess (收纳凹部) — contains lens + solution Key technical features (Claim 1): A container body with a housing recess for storing contact lenses and soaking solution. A lid connected to the container body via a hinge, freely openable/closable. A lens holding body movably housed in the recess — linked to the lid via a connecting member, so that opening/closing the lid causes the holder to rise or lower vertically. A displacement restricting means (guide groove + sliding protrusion) that constrains the holder's movement strictly to the vertical / depth direction of the recess — preventing lateral sliding. Dependent claims add: Claim 2: Temporary holding device to keep the lens holder at the raised position after the lid is opened. Claims 3–4: Guide groove + sliding protrusion implementation; the groove top curves sideways toward the hinge to form a side groove (临时保持装置). Claim 5: Specific application for hydrogen peroxide solution disinfection cases, with catalyst retained on the lens holder. Claims 6–7: Dual lens seat (for both eyes) in one recess; lens seats shaped as upward-convex partial spherical shells. Key Advantages Benefit Mechanism Hygiene User's fingers never contact the solution when placing/removing lenses — the holder lifts out of the liquid Safety Especially critical for H₂O₂ cases — prevents skin/eye contact with irritant before neutralization Stability Vertical-only guidance prevents lens from flipping or sliding off the holder in solution Compact design Guide groove sits between recess wall and holder — no size increase Ease of use Single lid open/close operation lifts both left and right lens holders simultaneously Patent Family Publication Office Date WO2014/009987A1 PCT 2014-01-16 CN104427904A CN 2015-03-18 (granted 2016-11-30) Summary Assessment CN104427904A is a granted, active Chinese patent (valid until ~2032) owned by Menicon Co., Ltd. (Japan's major contact lens company). The invention solves a practical hygiene/safety problem in contact lens storage through a mechanically elegant lid-linked vertical lift mechanism. With 14 forward citations, it has attracted notable downstream attention. The hydrogen peroxide disinfection embodiment (Claim 5) is particularly commercially relevant given the growing use of peroxide-based lens care systems. Package: zeitgeist-core (1.0.4-5 and others) Links for zeitgeist-core Screenshot Debian Resources: Bug Reports Developer Information Debian Changelog Copyright File Debian Patch Tracker Download Source Package zeitgeist: [zeitgeist_1.0.4-5.dsc] [zeitgeist_1.0.4.orig.tar.bz2] [zeitgeist_1.0.4-5.debian.tar.xz] Maintainers: Debian semweb Team (QA Page) Jonas Smedegaard (QA Page) External Resources: Homepage [zeitgeist.freedesktop.org] Similar packages: python3-zeitgeist zeitgeist zeitgeist-datahub gnome-activity-journal libzeitgeist-2.0-doc libzeitgeist-2.0-dev libzeitgeist-2.0-0 gir1.2-zeitgeist-2.0 event logging framework - engine Zeitgeist is a service which logs the user's activities and events (files opened, websites visited, conversations held with other people, etc.) and makes the relevant information available to other applications. It serves as a comprehensive activity log and also makes it possible to determine relationships between items based on usage patterns. This package contains the main daemon (in its new Vala implementation, codenamed "Bluebird"). It also includes the FTS (Full Text Search) extension. Tags: Field: Statistics, Implemented in: Python, User Interface: interface::daemon, role::program, Purpose: Analysing, Monitoring North America ftp.us.debian.org/debian http.us.debian.org/debian ftp.debian.org/debian ftp.ca.debian.org/debian ftp.mx.debian.org/debian Other Packages Related to zeitgeist-core depends recommends suggests enhances dep: libc6 (>= 2.38) GNU C Library: Shared libraries also a virtual package provided by libc6-udeb dep: libdee-1.0-4 (>= 1.0.2) Model to synchronize multiple instances over DBus - shared lib dep: libgcc-s1 (>= 3.0) [not armel, armhf] GCC support library dep: libgcc-s1 (>= 3.5) [armel, armhf] dep: libglib2.0-0t64 (>= 2.80.0) GLib library of C routines dep: libsqlite3-0 (>= 3.5.9) SQLite 3 shared library dep: libstdc++6 (>= 11) GNU Standard C++ Library v3 dep: libxapian30 (>= 1.4.19~) Search engine library dep: libzeitgeist-2.0-0 (>= 0.9.14) library to access Zeitgeist - shared library sug: zeitgeist-datahub event logging framework - passive logging daemon Download zeitgeist-core Architecture Version Package Size Installed Size Files amd64 1.0.4-5+b3 142.6 kB 467.0 kB [list of files] arm64 1.0.4-5+b3 131.4 kB 543.0 kB [list of files] armel 1.0.4-5+b3 121.2 kB 389.0 kB [list of files] armhf 1.0.4-5+b3 124.0 kB 321.0 kB [list of files] i386 1.0.4-5+b3 149.7 kB 481.0 kB [list of files] ppc64el 1.0.4-5+b3 144.3 kB 607.0 kB [list of files] riscv64 1.0.4-5+b3 137.0 kB 395.0 kB [list of files] s390x 1.0.4-5+b3 132.8 kB 463.0 kB [list of files] ________________________________________ From: owner-freebsd-ppc@FreeBSD.org <owner-freebsd-ppc@FreeBSD.org> on behalf of bugzilla-noreply@freebsd.org <bugzilla-noreply@freebsd.org> Sent: Sunday, April 12, 2026 08:47 To: ppc@FreeBSD.org Subject: [Bug 294437] powerpc64le: panic: exclusive sleep mutex vm active pagequeue (vm pagequeue) r = 11 (0xc000000001d93680) access https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=294437 Bug ID: 294437 Summary: powerpc64le: panic: exclusive sleep mutex vm active pagequeue (vm pagequeue) r = 0 (0xc000000001d93680) locked Product: Base System Version: 16.0-CURRENT Hardware: powerpc OS: Any Status: New Severity: Affects Only Me Priority: --- Component: kern Assignee: ppc@FreeBSD.org Reporter: ivy@FreeBSD.org CC: adrian@freebsd.org observed during buildworld. unfortunately, due to some other issues, i don't have a vmcore (and we also can't debug powerpc vmcores right now due to kgdb being broken) but if this is reproducible, i'll see if i can get one. host is 16.0-CURRENT as of April 10, running under QEMU/KVM on Linux ppc64le. @ 1775994042 [2026-04-12 12:40:42] Start buildworld log=/aux0/src/buildworld.log Kernel page fault with the following non-sleepable locks held: exclusive sleep mutex vm active pagequeue (vm pagequeue) r = 0 (0xc000000001d93680) locked @ /src/bsd/main/sys/vm/vm_page.c:3730 stack backtrace: #0 0xc0000000009863fc at witness_debugger+0x9c #1 0xc0000000009884a4 at witness_warn+0x534 #2 0xc000000000f19b6c at trap_pfault+0xfc #3 0xc000000000f1921c at trap+0x12c #4 0xc000000000f0c8ec at powerpc_interrupt+0x1cc fatal kernel trap: exception = 0x300 (data storage interrupt) virtual address = 0x7 dsisr = 0x40000000 srr0 = 0xc000000000e0ca50 (0xe0ca50) srr1 = 0x8000000000009033 current msr = 0x8000000000009033 lr = 0xc000000000e0c8f8 (0xe0c8f8) frame = 0xc00800008c58ad20 curthread = 0xc00800006edc3140 pid = 47089, comm = cc panic: data storage interrupt trap cpuid = 6 time = 1775997259 KDB: stack backtrace: 0xc00800008c58a9a0: at vpanic+0x1ac 0xc00800008c58aa50: at panic+0x40 0xc00800008c58aa80: at trap_pfault+0x188 0xc00800008c58ab30: at trap+0x12c 0xc00800008c58ac60: at powerpc_interrupt+0x1cc 0xc00800008c58acf0: kernel DSI read trap @ 0x7 by _vm_page_pqstate_commit_dequeue+0x1d0: srr1=0x8000000000009033 r1=0xc00800008c58afa0 cr=0x42000c00 xer=0x20040000 ctr=0x1 r2=0xc000000001a6d000 sr=0x40000000 frame=0xc00800008c58ad20 0xc00800008c58afa0: at _vm_page_pqstate_commit_dequeue+0x74 0xc00800008c58b060: at vm_page_pqstate_commit_dequeue+0xf8 0xc00800008c58b100: at vm_page_pqstate_commit+0x5c 0xc00800008c58b180: at vm_page_deactivate+0x98 0xc00800008c58b210: at vm_fault_deallocate+0x3c 0xc00800008c58b250: at vm_fault+0x1b68 0xc00800008c58b4c0: at vm_fault_trap+0x8c 0xc00800008c58b560: at trap_pfault+0x1b4 0xc00800008c58b610: at trap+0x3b0 0xc00800008c58b740: at powerpc_interrupt+0x1cc 0xc00800008c58b7d0: user DSI write trap @ 0x80c552010 by 0x8010772f4: srr1=0x800000000280f933 r1=0xfffffbfffb660 cr=0x88200a20 xer=0 ctr=0 r2=0x8010ae0c0 sr=0xa000000 frame=0xc00800008c58b800 KDB: enter: panic [ thread pid 47089 tid 101280 ] Stopped at kdb_enter+0x70: ori r0, r0, 0x0 -- You are receiving this mail because: You are the assignee for the bug. ________________________________________ From: owner-freebsd-announce@FreeBSD.org <owner-freebsd-announce@FreeBSD.org> on behalf of FreeBSD Security Advisories <security-advisories@freebsd.org> Sent: Tuesday, April 21, 2026 13:02 To: FreeBSD Security Advisories Subject: FreeBSD Security Advisory FreeBSD-SA-26:11.amd64 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-26:11.amd64 Security Advisory The FreeBSD Project Topic: Missing large page handling in pmap_pkru_update_range() Category: core Module: amd64 Announced: 2026-04-21 Credits: Nicholas Carlini using Claude, Anthropic Affects: All supported versions of FreeBSD. Corrected: 2026-04-21 15:43:03 UTC (stable/15, 15.0-STABLE) 2026-04-21 15:44:28 UTC (releng/15.0, 15.0-RELEASE-p6) 2026-04-21 15:43:14 UTC (stable/14, 14.4-STABLE) 2026-04-21 15:45:32 UTC (releng/14.4, 14.4-RELEASE-p2) 2026-04-21 15:46:03 UTC (releng/14.3, 14.3-RELEASE-p11) 2026-04-21 15:43:57 UTC (stable/13, 13.5-STABLE) 2026-04-21 15:47:08 UTC (releng/13.5, 13.5-RELEASE-p12) CVE Name: CVE-2026-6386 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:https://security.FreeBSD.org/>. I. Background Memory protection keys are an amd64 CPU feature, available in modern Intel and AMD CPUs, which allow applications to apply access restrictions to regions of virtual memory. On FreeBSD this functionality is provided by the pkru(3) interface. II. Problem Description In order to apply a particular protection key to an address range, the kernel must update the corresponding page table entries. The subroutine which handled this failed to take into account the presence of 1GB largepage mappings created using the shm_create_largepage(3) interface. In particular, it would always treat a page directory page entry as pointing to another page table page. III. Impact The bug can be abused by an unprivileged user to cause pmap_pkru_update_range() to treat userspace memory as a page table page, and thus overwrite memory to which the application would otherwise not have access. IV. Workaround No workaround is available. The bug only affects amd64 systems. V. Solution Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date, and reboot the system. Perform one of the following: 1) To update your vulnerable system installed from base system packages: Systems running a 15.0-RELEASE version of FreeBSD on the amd64 or arm64 platforms, which were installed using base system packages, can be updated via the pkg(8) utility: # pkg upgrade -r FreeBSD-base # shutdown -r +10min "Rebooting for a security update" 2) To update your vulnerable system installed from binary distribution sets: Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms, or the i386 platform on FreeBSD 13, which were not installed using base system packages, can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install # shutdown -r +10min "Rebooting for a security update" 3) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. [FreeBSD 15.0] # fetch https://security.FreeBSD.org/patches/SA-26:11/amd64-15.patch # fetch https://security.FreeBSD.org/patches/SA-26:11/amd64-15.patch.asc # gpg --verify amd64-15.patch.asc [FreeBSD 14.4 and 14.3] # fetch https://security.FreeBSD.org/patches/SA-26:11/amd64-14.patch # fetch https://security.FreeBSD.org/patches/SA-26:11/amd64-14.patch.asc # gpg --verify amd64-14.patch.asc [FreeBSD 13.5] # fetch https://security.FreeBSD.org/patches/SA-26:11/amd64-13.patch # fetch https://security.FreeBSD.org/patches/SA-26:11/amd64-13.patch.asc # gpg --verify amd64-13.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in <URL:https://www.FreeBSD.org/handbook/kernelconfig.html>; and reboot the system. VI. Correction details This issue is corrected as of the corresponding Git commit hash in the following stable and release branches: Branch/path Hash Revision - ------------------------------------------------------------------------- stable/15/ 9331e62e8b80 stable/15-n283066 releng/15.0/ 649db49403a7 releng/15.0-n281023 stable/14/ 4c0e5e3cc441 stable/14-n273998 releng/14.4/ 5787df30dc3e releng/14.4-n273686 releng/14.3/ 979e645dd25e releng/14.3-n271486 stable/13/ b8fc56193068 stable/13-n259846 releng/13.5/ a2f6f2d00125 releng/13.5-n259211 - ------------------------------------------------------------------------- Run the following command to see which files were modified by a particular commit: # git show --stat <commit hash> Or visit the following URL, replacing NNNNNN with the hash: <URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>; To determine the commit count in a working tree (for comparison against nNNNNNN in the table above), run: # git rev-list --count --first-parent HEAD VII. References <URL:https://www.cve.org/CVERecord?id=CVE-2026-6386>; The latest revision of this advisory is available at <URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-26:11.amd64.asc>; -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmnnoakACgkQbljekB8A Gu8xHBAA0UShf6OLTcPprJ4YbzORKrmUeN6MPSwrvtn792T01Fi7zXj1IeBd1/N1 25SI2GBhoMWP1wBR9G0Er8Vjv9cn4lnuWCeBIMmaofgLUi/UahT5lLhQGG7e3ypq DdmfyWwnJ7tAkDvxHUH2t3STjzIsQaH2NSTpxcg5bdSbGSPGr7On2RBKalvLLBon SUx8FtlOpDj+TttxidoQcYeez8vCkdgn9PCbA/9cxZlFmy+ioE/14PQU2TAYbcnK mZ3BWOKxRDlBN9zHBwkaSdIgjs6+t0/pCYrlUu2nCaZ9o6dtn/6WtulcuCB/l9DQ UABsdc2uhCZvafdN316lABxaPLm3+uvcOFqRZs24tkLOYk5JxBYQQdaHrZ4cP+xS IgQf/Zl5s/ZlwfzOjzTg54KLyH7yxR5iJ/JIJ2mRJ5PZ9wavYGM6czf4l9w+sYQw wTTQSO/zdLRHgcKUYdq+xpv2AWEkjkZSRxRQhgMZ9rS5V+1MqhnCLs9uCsG/Ns7c Yv7t8I+r7j3gjdEFJRDVW+awHQR2ppI/odmyABaThG3bBdPxXy9pR0IvSYtZKGEW cUjYp2intHCDna0TSa4nzrTlCZCAZijVKeVLXSrYNvrJ9nE3dB8oESP2YASjyJBM VxpRYXmjprazBYcRgt7kf/tSfpky7Cq59H1NU+pVxaR5TAzWvaI= =kWUu -----END PGP SIGNATURE-----home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?SA1PR13MB768711D0FE89FDC090D6EE9AEC372>