CVE-2021-43395 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2021-43395

CVE-2021-43395

December 26, 2022

An issue was discovered in illumos before f859e7171bb5db34321e45585839c6c3200ebb90, OmniOS Community Edition r151038, OpenIndiana Hipster 2021.04, and SmartOS 20210923. A local unprivileged user can cause a deadlock and kernel panic via crafted rename and rmdir calls on tmpfs filesystems. Oracle Solaris 10 and 11 is also affected.

Related Resources (9)

https://illumos.topicbox.com/groups/developer/T1c9e4f27f8c2f959/security-heads-up-illumos14424

https://github.com/illumos/illumos-gate/commit/f859e7171bb5db34321e45585839c6c3200ebb90

https://github.com/illumos/illumos-gate/blob/b3403853e80914bd0aade9b5b605da4878078173/usr/src/uts/common/fs/tmpfs/tmp_dir.c

https://www.oracle.com/security-alerts/cpujan2022.html

http://www.tribblix.org/relnotes.html

https://jgardner100.wordpress.com/2022/01/20/security-heads-up/

https://www.illumos.org/issues/14424

https://github.com/illumos/illumos-gate/blob/069654420de4aade43c63c43cd2896e66945fc8a/usr/src/uts/common/fs/tmpfs/tmp_vnops.c

https://kebe.com/blog/?p=505

Do you need more information?

CVSS v4

Base Score:

6.8

Attack Vector

LOCAL

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

LOW

User Interaction

NONE

Vulnerable System Confidentiality

NONE

Vulnerable System Integrity

NONE

Vulnerable System Availability

HIGH

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Weakness Type (CWE)

Improper Locking

CWE-667

EPSS

Base Score:

0.06

Products

Solutions

Resources

Company

Compare

Developer Tools