May 21, 2026
Root, panic, and comment-section chaos
FatGid: FreeBSD 14.x kernel local privilege escalation
A tiny typo let regular users become root, and the comments instantly turned chaotic
TLDR: A tiny FreeBSD mistake let normal users take full control of some machines, and updates are already out. In the comments, people argued over patch timing, mocked the giant writeup, and warned this hits real-world storage and network systems harder than it sounds.
FreeBSD just got hit with the kind of bug that makes system admins do a double take: a tiny coding mistake could let an ordinary local user take over the whole machine on some FreeBSD 14 systems. In plain English, a small error in how the operating system handled group data opened the door to a full power grab. Patches are now out for affected versions, and the official security notice says users should update fast.
But the real fireworks were in the community reaction. One camp immediately jumped into patch confusion mode, with people asking why anyone was saying it was still unpatched when the fix had already landed in the advisory. That sparked the classic security-thread mini-drama: is this a breaking emergency, or are people just reading the timeline wrong? Another comment cut through all of that with pure internet exhaustion: “Why does this need to be a whole ass website” — a perfect summary of the eternal battle between detailed writeups and readers who just want the danger level in one sentence.
Then came the reality check. One commenter reminded everyone this is not just some niche hobby operating system story: TrueNAS uses FreeBSD, and so does plenty of networking gear. That shifted the mood from nerdy bug autopsy to oh, this could actually matter at work. So yes, the bug is serious, the fix is out, and the comments managed to deliver confusion, sarcasm, and operational dread in record time.
Key Points
- •A kernel stack buffer overflow in FreeBSD 14.x setcred(2) allows unprivileged local users to trigger a panic or local privilege escalation.
- •The root cause is a sizeof type error in kern_setcred_copyin_supp_groups() that uses pointer size instead of gid_t size during allocation and copy calculations.
- •The article says working local privilege escalation exploits exist for FreeBSD 14.3 and 14.4 on amd64 GENERIC kernels, including systems with SMAP and SMEP enabled.
- •FreeBSD published advisory FreeBSD-SA-26:18.setcred on 2026-05-21 and issued patches for all currently supported branches.
- •Patched versions are 14.3-RELEASE-p14, 14.4-RELEASE-p5, and 15.0-RELEASE-p9; FreeBSD 13.x and earlier are not affected because setcred(2) is absent.