On 1/27/26 14:28, FreeBSD Errata Notices wrote: > ============================================================================= > FreeBSD-EN-26:03.vm Errata Notice > The FreeBSD Project > > Topic: The page fault handler fails to zero memory > > Category: core > Module: vm > Announced: 2026-01-27 > Affects: All supported versions of FreeBSD. > Corrected: 2025-12-15 10:37:54 UTC (stable/15, 15.0-STABLE) > 2026-01-27 19:15:47 UTC (releng/15.0, 15.0-RELEASE-p2) > 2025-12-15 10:42:28 UTC (stable/14, 14.3-STABLE) > 2026-01-27 19:16:12 UTC (releng/14.3, 14.3-RELEASE-p8) > 2026-01-26 15:18:32 UTC (stable/13, 13.4-STABLE) > 2026-01-27 19:16:34 UTC (releng/13.5, 13.5-RELEASE-p9)
My notes use this Errata Notice as an example. But all 3 of the Errata Notices and the 2 Security Advisories released today look to have similar points relative to pkgbase-based FreeBSD OS installations. > > For general information regarding FreeBSD Errata Notices and Security > Advisories, including descriptions of the fields above, security > branches, and the following sections, please visit > <URL:https://security.FreeBSD.org/>. > > I. Background > > The mmap(2) system call allows applications and system libraries to allocate > heap memory using the MAP_ANON flag. The system call allocates virtual memory > in the calling thread's address space and physical memory is allocated on > demand as page faults occur. Memory allocated this way is guaranteed to be > zero-filled. > > II. Problem Description > > Under some conditions, the physical pages allocated and mapped by the kernel > may not be zero-filled. > > III. Impact > > This bug has been observed to cause process crashes. > > IV. Workaround > > No workaround is available. > > V. Solution > > Upgrade your system to a supported FreeBSD stable or release / security > branch (releng) dated after the correction date. > > Perform one of the following: > > 1) To update your system via a binary patch: The below freebsd-update use is inappropriate for pkgbase based installations of the 15.0 variants. [I'm unsure of intended coverage of 14.3's non-re@-pkgbase-use based systems but (1) does not apply there either.] > > Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms, > or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8) > utility: > > # freebsd-update fetch > # freebsd-update install > # shutdown -r now > > 2) To update your system via a source code patch: The below source-based steps are inappropriate for pkgbase based installations of the 15.0 variants. [I'm unsure of intended coverage of 14.3's non-re@-pkgbase-use based systems but (2) does not correctly apply there either.] > > The following patches have been verified to apply to the applicable > FreeBSD release branches. > > a) Download the relevant patch from the location below, and verify the > detached PGP signature using your PGP utility. > > [FreeBSD 15.0] > # fetch https://security.FreeBSD.org/patches/EN-26:03/vm-15.patch > # fetch https://security.FreeBSD.org/patches/EN-26:03/vm-15.patch.asc > # gpg --verify vm-15.patch.asc > > [FreeBSD 14.3] > # fetch https://security.FreeBSD.org/patches/EN-26:03/vm-14.patch > # fetch https://security.FreeBSD.org/patches/EN-26:03/vm-14.patch.asc > # gpg --verify vm-14.patch.asc > > [FreeBSD 13.5] > # fetch https://security.FreeBSD.org/patches/EN-26:03/vm-13.patch > # fetch https://security.FreeBSD.org/patches/EN-26:03/vm-13.patch.asc > # gpg --verify vm-13.patch.asc > > b) Apply the patch. Execute the following commands as root: > > # cd /usr/src > # patch < /path/to/patch > > c) Recompile your kernel as described in > <URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the > system. There is no section for --or mention of-- pkgbase or of use of pkg/pkg-static commands for updating at all. (Such would not apply to any 13.5 variant.) > > VI. Correction details > > This issue is corrected as of the corresponding Git commit hash in the > following stable and release branches: > > Branch/path Hash Revision > ------------------------------------------------------------------------- > stable/15/ 3c0942f99209 stable/15-n281508 > releng/15.0/ 6e279feb40be releng/15.0-n281002 > stable/14/ 99f641267d44 stable/14-n272998 > releng/14.3/ de311ee39b3f releng/14.3-n271457 > stable/13/ babac9d7bc05 stable/13-n259725 > releng/13.5/ 4967e14ba25b releng/13.5-n259188 > ------------------------------------------------------------------------- > > Run the following command to see which files were modified by a > particular commit: > > # git show --stat <commit hash> > > Or visit the following URL, replacing NNNNNN with the hash: > > <URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> > > To determine the commit count in a working tree (for comparison against > nNNNNNN in the table above), run: > > # git rev-list --count --first-parent HEAD > > VII. References > > The latest revision of this advisory is available at > <URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-26:03.vm.asc> > > -- === Mark Millard marklmi at yahoo.com
