CVE-2021-43395

An issue was discovered in illumos before f859e7171bb5db34321e45585839c6c3200ebb90, OmniOS Community Edition r151038, OpenIndiana Hipster 2021.04, and SmartOS 20210923. A local unprivileged user can cause a deadlock and kernel panic via crafted rename and rmdir calls on tmpfs filesystems. Oracle Solaris 10 and 11 is also affected.
Configurations

Configuration 1 (hide)

cpe:2.3:o:illumos:illumos:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:omniosce:omnios:r151038:*:*:*:community:*:*:*

Configuration 3 (hide)

cpe:2.3:o:openindiana:openindiana:hipster_2021.04:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:o:joyent:smartos:20210923:*:*:*:*:*:*:*

Configuration 5 (hide)

OR cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*
cpe:2.3:o:oracle:solaris:11:*:*:*:*:*:*:*

History

08 Aug 2023, 14:21

Type Values Removed Values Added
CWE CWE-667
CPE cpe:2.3:o:omniosce:omnios:r151038:*:*:*:community:*:*:*
cpe:2.3:o:illumos:illumos:*:*:*:*:*:*:*:*
cpe:2.3:o:joyent:smartos:20210923:*:*:*:*:*:*:*
cpe:2.3:o:oracle:solaris:11:*:*:*:*:*:*:*
cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*
cpe:2.3:o:openindiana:openindiana:hipster_2021.04:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.5
References (CONFIRM) https://illumos.topicbox.com/groups/developer/T1c9e4f27f8c2f959/security-heads-up-illumos14424 - (CONFIRM) https://illumos.topicbox.com/groups/developer/T1c9e4f27f8c2f959/security-heads-up-illumos14424 - Vendor Advisory
References (MISC) https://kebe.com/blog/?p=505 - (MISC) https://kebe.com/blog/?p=505 - Third Party Advisory
References (CONFIRM) http://www.tribblix.org/relnotes.html - (CONFIRM) http://www.tribblix.org/relnotes.html - Release Notes, Third Party Advisory
References (CONFIRM) https://www.illumos.org/issues/14424 - (CONFIRM) https://www.illumos.org/issues/14424 - Issue Tracking, Patch, Vendor Advisory
References (CONFIRM) https://github.com/illumos/illumos-gate/commit/f859e7171bb5db34321e45585839c6c3200ebb90 - (CONFIRM) https://github.com/illumos/illumos-gate/commit/f859e7171bb5db34321e45585839c6c3200ebb90 - Patch, Third Party Advisory
References (MISC) https://github.com/illumos/illumos-gate/blob/069654420de4aade43c63c43cd2896e66945fc8a/usr/src/uts/common/fs/tmpfs/tmp_vnops.c - (MISC) https://github.com/illumos/illumos-gate/blob/069654420de4aade43c63c43cd2896e66945fc8a/usr/src/uts/common/fs/tmpfs/tmp_vnops.c - Exploit, Third Party Advisory
References (CONFIRM) https://www.oracle.com/security-alerts/cpujan2022.html - (CONFIRM) https://www.oracle.com/security-alerts/cpujan2022.html - Patch, Third Party Advisory
References (MISC) https://jgardner100.wordpress.com/2022/01/20/security-heads-up/ - (MISC) https://jgardner100.wordpress.com/2022/01/20/security-heads-up/ - Third Party Advisory
References (MISC) https://github.com/illumos/illumos-gate/blob/b3403853e80914bd0aade9b5b605da4878078173/usr/src/uts/common/fs/tmpfs/tmp_dir.c - (MISC) https://github.com/illumos/illumos-gate/blob/b3403853e80914bd0aade9b5b605da4878078173/usr/src/uts/common/fs/tmpfs/tmp_dir.c - Exploit, Third Party Advisory

26 Dec 2022, 06:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-12-26 06:15

Updated : 2024-02-04 23:14


NVD link : CVE-2021-43395

Mitre link : CVE-2021-43395

CVE.ORG link : CVE-2021-43395


JSON object : View

Products Affected

joyent

  • smartos

illumos

  • illumos

omniosce

  • omnios

openindiana

  • openindiana

oracle

  • solaris
CWE
CWE-667

Improper Locking