CVE-2009-1041

FreeBSD 7.0-7.2 - Local Arbitrary Kernel Memory Overwrite via ktimer Out-of-Bounds Timer Value

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-1041. PoCs published by mu-b.

AI-analyzed exploit summary: This exploit leverages a kernel memory corruption vulnerability in FreeBSD's ktimer implementation to achieve local privilege escalation by manipulating timer structures and overwriting kernel memory to execute arbitrary code in kernel context.

Description

The ktimer feature (sys/kern/kern_time.c) in FreeBSD 7.0, 7.1, and 7.2 allows local users to overwrite arbitrary kernel memory via an out-of-bounds timer value.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by mu-b · c · local · freebsd
https://www.exploit-db.com/exploits/8261

Classification
Working PoC 95%
Attack Type: LPE
Complexity: Complex
Reliability: Reliable
Target: FreeBSD 7.0, 7.1
No auth needed
Prerequisites: Local access to a vulnerable FreeBSD system · Ability to execute arbitrary code on the target system
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Exploit vendor-advisory x_refsource_freebsd
http://security.freebsd.org/advisories/FreeBSD-SA-09:06.ktimer.asc
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/49362
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/8261
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1021882
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/34196

Scores

EPSS 0.0078
EPSS Percentile 51.0%

Details

CWE CWE-119
Status published
Products (3)
freebsd/freebsd 7.0 (7 CPE variants)
freebsd/freebsd 7.1 (5 CPE variants)
freebsd/freebsd 7.2
Published Mar 26, 2009
Tracked Since Feb 18, 2026