The FreeBSD project promoted the ARM64 port to a primary platform and fixed three vulnerabilities

The FreeBSD developers have decided that in the new FreeBSD 13 branch, which is expected to be released on April 13, the port for the ARM64 architecture (AArch64) will have the status of a primary platform (Tier 1). Previously, a similar level of support was provided for 64-bit x86 systems (until recently, the i386 architecture was also primary, but in January it was moved to the second tier of support).

Tier 1 support includes producing installation builds, binary updates, and ready-made packages, as well as guarantees that specific problems will be resolved and that the ABI for the user environment and the kernel (with the exception of some subsystems) will remain unchanged. Tier 1 platforms are covered by the teams responsible for fixing vulnerabilities, preparing releases and maintaining ports.

Additionally, three vulnerabilities in FreeBSD are worth noting:

  • CVE-2021-29626 - An unprivileged local process can read the contents of kernel memory or of other processes' memory by manipulating memory page mappings. The vulnerability is caused by a bug in the part of the virtual memory subsystem that shares memory between processes: memory remains mapped into a process after the associated memory page has been freed.
  • CVE-2021-29627 - An unprivileged local user can elevate their privileges on the system or read the contents of kernel memory. The problem is caused by a use-after-free (access to memory after it has been freed) in the implementation of the accept filter mechanism.
  • CVE-2020-25584 - Ability to bypass the jail isolation mechanism. A user inside the sandbox who has permission to mount partitions (allow.mount) can change the root directory to a location outside the jail hierarchy and gain full read and write access to all system files.
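
Because the jail escape depends on the allow.mount permission, an audit of which jails have it enabled shows where that issue is relevant. The following is an added example, not code from the article or from the FreeBSD project: it parses a simplified jail.conf (assumed: no includes or variables, and no braces, semicolons or comment markers inside quoted strings) and lists the jails whose effective allow.mount is on; the function names and the sample configuration are constructed.

```python
import re

FALSE_VALUES = {"0", "false", "no"}
# Matches allow.mount / allow.nomount, optionally with "= value";
# sub-parameters such as allow.mount.devfs do not match.
STMT = re.compile(r"^allow\.(no)?mount\s*(?:=\s*(.*))?$", re.S)
BLOCK = re.compile(r"([^\s;{}]+)\s*\{([^{}]*)\}")

def _setting(statements, current):
    """Apply allow.mount statements in order and return the final state."""
    for stmt in statements.split(";"):
        m = STMT.match(stmt.strip())
        if not m:
            continue
        negated, value = bool(m.group(1)), m.group(2)
        if value is None:
            current = not negated
        else:
            on = value.strip().strip("\"'").lower() not in FALSE_VALUES
            current = on != negated
    return current

def jails_allowing_mount(conf_text):
    """Return names of jails whose effective allow.mount is enabled."""
    text = re.sub(r"/\*.*?\*/", "", conf_text, flags=re.S)  # C comments
    text = re.sub(r"(#|//).*", "", text)                     # line comments
    blocks = BLOCK.findall(text)
    default = _setting(BLOCK.sub(";", text), False)  # global parameters
    flagged = []
    for name in dict.fromkeys(n for n, _ in blocks if n != "*"):
        state = default
        for block_name, body in blocks:  # file order; "*" applies to all
            if block_name in ("*", name):
                state = _setting(body, state)
        if state:
            flagged.append(name)
    return flagged

# Constructed sample configuration (jail names and paths are made up).
SAMPLE = """
exec.start = "/bin/sh /etc/rc";
allow.nomount;
web    { path = /jails/web; }
build  { path = /jails/build; allow.mount; allow.mount.devfs; }
db     { path = /jails/db; allow.mount = false; }
legacy { path = /jails/legacy; allow.mount.zfs; }  /* sub-parameter only */
"""

if __name__ == "__main__":
    print(jails_allowing_mount(SAMPLE))
```

The script only reads configuration text; jails started with parameters given on the command line are not covered by it.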

Source: opennet.ru