FreeBSD: VID-90071333-fbe5-11f0-a13f-bc241121aa0a (CVE-2025-15547): FreeBSD -- Jail escape by a privileged user via nullfs
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:L/AC:L/Au:N/C:C/I:C/A:C) | Jan 28, 2026 | Jan 28, 2026 | Jan 28, 2026 |
Description
Problem Description: By default, jailed processes cannot mount filesystems, including nullfs(4). However, the allow.mount.nullfs option enables mounting nullfs filesystems, subject to privilege checks. If a privileged user within a jail is able to nullfs-mount directories, a limitation of the kernel's path lookup logic allows that user to escape the jail's chroot, yielding access to the full filesystem of the host or parent jail.

Impact: In a jail configured to allow nullfs(4) mounts from within the jail, the jailed root user can escape the jail's filesystem root.
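To find jails that match the affected configuration, the following added example (not part of the advisory or of FreeBSD) scans `jls -n` style output for `allow.mount.nullfs`. The function names and sample lines are constructed for illustration, and the script assumes boolean parameters print as `allow.mount.nullfs` / `allow.mount.nonullfs`.

```shell
#!/bin/sh
# Added example (not part of the advisory): flag jails that permit nullfs mounts.

# Constructed sample in `jls -n` style; boolean parameters are assumed to print
# as "allow.mount.nullfs" (on) or "allow.mount.nonullfs" (off).
sample_jls() {
cat <<'EOF'
jid=1 name=web enforce_statfs=2 allow.nomount allow.mount.nonullfs
jid=2 name=build enforce_statfs=1 allow.mount allow.mount.nullfs
jid=3 name=ci enforce_statfs=2 allow.mount allow.mount.nullfs
EOF
}

# audit_nullfs: read `jls -n` lines on stdin and print "<jail> <status>" for
# every jail with allow.mount.nullfs set.
#   effective: allow.mount is also set and enforce_statfs < 2, so jailed root
#              can actually perform the mount (conditions per jail(8))
#   latent:    the option is set but one of those conditions currently blocks it
audit_nullfs() {
    awk '{
        name = "?"; nullfs = 0; mnt = 0; statfs = 2   # 2 is the jail default
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^name=/)                   name = substr($i, 6)
            else if ($i ~ /^enforce_statfs=/)    statfs = substr($i, 16) + 0
            else if ($i == "allow.mount")        mnt = 1
            else if ($i == "allow.mount.nullfs") nullfs = 1
        }
        if (nullfs) print name, ((mnt && statfs < 2) ? "effective" : "latent")
    }'
}

sample_jls | audit_nullfs
```

On a FreeBSD host, `jls -n | audit_nullfs` applies the same check to the running jails; a jail reported as latent becomes exposed as soon as `allow.mount` or `enforce_statfs` is relaxed.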
Solutions
- freebsd-upgrade-base-14_3-release-p8
- freebsd-upgrade-base-13_5-release-p9