Hello folks!

Quick breakdown:

IMPACT: This bug allows an unprivileged user with access to a tmpfs to induce a 
denial of service to the system. This is more serious if untrusted users have 
access to the system (e.g. a shared environment).

ACTION: Please be on the lookout for patches from the various distributions 
and be ready to install them.

MITIGATIONS: At this time, there are no known easy mitigations that one can 
apply short of disabling access to untrusted users and/or removing the ability 
to use tmpfs from their zones.

NEXT STEPS: As we follow up on this, we'll be doing some additional auditing 
and looking to more generally strengthen our regression test suites to be able 
to catch issues like this in advance and ensure that they are not 
reintroduced.

.  .  .

These details are also in https://www.illumos.org/issues/14424

        Security researcher Hans Christian Woithe reported CVE-2021-43395 to
        both us and Oracle. He discovered conditions where any arbitrary user
        could induce tmpfs to panic with deadlock-detection. This bug tracks
        our fix for this problem.

        Tested using Hans's PoC, which now does not induce a panic. Tested on
        OmniOS both bare-metal (by Andy Fiddaman) and VM (by Dan
        McD.). Tested on SmartOS bare-metal (by Dan McD.).

We will introduce more analysis into the bug report as this fix gets propagated.

If you run a distro PLEASE PUT THIS FIX IN ANY SUPPORTED RELEASE YOU HAVE.
It's easily backportable/cherry-pickable; I know OmniOS has it in their
old-LTS r151030, for example.

Thanks to Robert Mustacchi and Andy Fiddaman for feedback on earlier
revisions of this fix.

Thanks especially to security researcher Hans Christian Woithe, who informed
us and Oracle of this very old bug.  I appreciate he took the advice here:

        https://kebe.com/blog/?p=505

and I hope we reacted accordingly and politely (given we coordinated
releasing this fix with Oracle).

Please update your distros ASAP.  And after some time, we'll update 14424
with details on how we arrived at the illumos fix.

Thank you,
Dan McDonald & Robert Mustacchi - on behalf of secur...@illumos.org


------------------------------------------
illumos: illumos-discuss
Permalink: 
https://illumos.topicbox.com/groups/discuss/T1c9e4f27f8c2f959-M8d6d96c6f3abf24bf40a7977