Solved FreeBSD-kernel-13.4_1 is vulnerable

[Mayhem30]

I keep seeing this in my daily security emails :

Checking for security vulnerabilities in base (userland & kernel):
Fetching vuln.xml.xz: .......... done
FreeBSD-kernel-13.4_1 is vulnerable:
  FreeBSD -- Unbounded allocation in ctl(4) CAM Target Layer
  CVE: CVE-2024-39281
  WWW: https://vuxml.FreeBSD.org/freebsd/8caa5d60-a174-11ef-9a62-002590c1f29c.html

However, it looks like this was already fixed here : https://vuxml.freebsd.org/freebsd/8caa5d60-a174-11ef-9a62-002590c1f29c.html

My FreeBSD is up to date and I did install those security fixes (and rebooted), but I still get that warning above in my daily emails.

Am I missing something?

 

[cy@]

Are you sure your FreeBSD system is up to date? I see no evidence it is.

 

[Mayhem30]

$ freebsd-version
13.4-RELEASE-p2

 

[Emrion]

See here: https://forums.freebsd.org/threads/inconsistent-version-after-upgrade.95624/

It's the same for 14.1-RELEASE. vuXML thinks the kernel is vulnerable while this vulnerabilty was in a kernel module, not in the kernel itself.

In a few words, you're up-to-date, but you will receive this message until the kernel version increments or until the FreeBSD staff find a solution.

 

[cracauer@]

This is a false positive.

The fix is in a kernel module, not the kernel itself. It falls through the version bumping.

 

[Mayhem30]

Thank you, marking this as solved.