Recent privilege escalation vulnerabilities in Linux have caused a stir, not least because of catchy codenames such as “CopyFail,” “DirtyFrag” (complete with its own logo), or “Fragnesia.” IT security researchers have now found the same class of vulnerability in FreeBSD as well. With a wink, they have given it the codename “Bumsrakete[tm]”, which according to their explanation is a rocket that goes “Bumm”, in other words fireworks.

On a dedicated website with the domain bumsrake.de, they explain the details of the vulnerability. The write-up is deliberately over the top, satirically written in Donald Trump's speaking style. At its core, however, the vulnerability allows the in-memory page cache of files to be manipulated on FreeBSD, which attackers can use, for example, to open a root shell. The kernel does perform several checks, but because of certain limitations they simply do not take effect here. As in the Linux cases, in-kernel cryptography code is the trigger on FreeBSD as well: the description points to AES-GCM decryption in Kernel TLS (KTLS) (CVE-2026-45257).

According to the FreeBSD security advisory, unprivileged local users can overwrite the contents of any file they are able to read with content of their own choosing, by sending the file over a loopback connection with KTLS enabled. This modifies the page cache directly, and the altered data is then written back to disk. Overwriting setuid binaries or other trusted files then yields privilege escalation, up to complete system takeover. The researchers also provide a demo exploit, so administrators should patch their FreeBSD systems promptly.
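Because the corrupted page cache is written back to disk, a patched system may still carry setuid binaries that were modified before the update. The following shell script is an added example, not code from the article, the researchers, or the FreeBSD advisory: it records a SHA-256 baseline of setuid/setgid files from a known-good state and later reports any file that has changed, vanished, or newly acquired the setuid bit. The baseline path and the directories to scan are assumptions for illustration; on FreeBSD itself, `freebsd-update IDS` (base system) and `pkg check -s` (packages) perform the equivalent comparison against vendor-recorded hashes and should be preferred where they apply.

```shell
#!/bin/sh
# Added example: setuid/setgid integrity baseline. Not from the article or the
# FreeBSD advisory. Assumes the baseline was recorded from a known-good system.

# Print the SHA-256 of one file, using FreeBSD's sha256(1) or GNU sha256sum.
sha256_of() {
    if command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"
    else
        sha256sum "$1" | cut -d' ' -f1
    fi
}

# List regular files with the setuid or setgid bit under the given roots.
list_setuid() {
    find "$@" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null
}

# record_baseline BASELINE ROOT...  writes "hash path" lines (one per file).
record_baseline() {
    out=$1; shift
    list_setuid "$@" | while IFS= read -r f; do
        printf '%s %s\n' "$(sha256_of "$f")" "$f"
    done > "$out"
}

# verify_baseline BASELINE ROOT...  prints CHANGED/MISSING/NEW entries and
# returns 1 if anything differs from the baseline, 0 if it matches.
verify_baseline() {
    base=$1; shift
    rc=0
    # 1. Every file in the baseline must still exist with the same hash.
    while read -r want path; do
        if [ ! -f "$path" ]; then
            echo "MISSING  $path"; rc=1
        elif [ "$(sha256_of "$path")" != "$want" ]; then
            echo "CHANGED  $path"; rc=1
        fi
    done < "$base"
    # 2. Any setuid/setgid file not in the baseline is new (a 64-char hash plus
    #    one space precede the path, so the path starts at column 66).
    list_setuid "$@" | {
        new=0
        while IFS= read -r f; do
            awk -v p="$f" 'substr($0, 66) == p { ok = 1 } END { exit !ok }' "$base" \
                || { echo "NEW      $f"; new=1; }
        done
        [ "$new" -eq 0 ]
    } || rc=1
    return $rc
}

# Typical use (paths are assumptions): record once after patching, verify later.
#   record_baseline /var/db/setuid.sha256 /bin /sbin /usr/bin /usr/sbin /usr/local
#   verify_baseline /var/db/setuid.sha256 /bin /sbin /usr/bin /usr/sbin /usr/local
```

A clean run prints nothing and exits 0; any CHANGED line on a setuid binary after this kind of page-cache corruption is a strong signal that the file itself, not just its cached copy, was tampered with, and the binary should be restored from a trusted source rather than trusted again.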