Hi folks,

We are reaching out today to inform you about CVE-2023-31284. We have pushed a commit to address this, which you can find at
https://github.com/illumos/illumos-gate/commit/676abcb77c26296424298b37b96d2bce39ab25e5

While we don't currently know of anyone exploiting this in the wild, this is a kernel stack overflow that can be performed by an unprivileged user, either in the global zone, or any non-global zone.

The following details provide information about this particular issue:

IMPACT: An unprivileged user in any zone can cause a kernel stack buffer overflow. While stack canaries can capture this and lead to a denial of service, it is possible for a skilled attacker to leverage this for local privilege escalation or execution of arbitrary code (e.g. if combined with another bug such as an information leak).

ACTION: Please be on the lookout for patches from your distribution and be ready to update.

MITIGATIONS: Running a kernel built with -fstack-protector (the illumos default) can mitigate this and turn these issues into a denial of service, but that is not a guarantee. We believe that unprivileged processes which have called chroot(2) with a new root that does not contain the sdev (/dev) filesystem most likely cannot trigger the bug, but an exhaustive analysis is still required.

Please reach out to us if you have any questions, whether on the mailing list, IRC, or otherwise, and we'll try to help as we can.

We'd like to thank Alex Wilson and the students at the University of Queensland for reporting this issue to us, and Dan McDonald for his work in fixing it.

The illumos Security Team
