CVE-2021-43395
First published: Mon Dec 26 2022(Updated: )
An issue was discovered in illumos before f859e7171bb5db34321e45585839c6c3200ebb90, OmniOS Community Edition r151038, OpenIndiana Hipster 2021.04, and SmartOS 20210923. A local unprivileged user can cause a deadlock and kernel panic via crafted rename and rmdir calls on tmpfs filesystems. Oracle Solaris 10 and 11 is also affected.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Illumos Illumos | <2022-01-18 | |
| Omniosce Omnios | =r151038 | |
| Openindiana Openindiana | =hipster_2021.04 | |
| Joyent SmartOS | =20210923 | |
| Oracle Solaris | =10 | |
| Oracle Solaris | =11 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.tribblix.org/relnotes.html
- https://github.com/illumos/illumos-gate/blob/069654420de4aade43c63c43cd2896e66945fc8a/usr/src/uts/common/fs/tmpfs/tmp_vnops.c
- https://github.com/illumos/illumos-gate/blob/b3403853e80914bd0aade9b5b605da4878078173/usr/src/uts/common/fs/tmpfs/tmp_dir.c
- https://github.com/illumos/illumos-gate/commit/f859e7171bb5db34321e45585839c6c3200ebb90
- https://illumos.topicbox.com/groups/developer/T1c9e4f27f8c2f959/security-heads-up-illumos14424
- https://jgardner100.wordpress.com/2022/01/20/security-heads-up/
- https://kebe.com/blog/?p=505
- https://www.illumos.org/issues/14424
- https://www.oracle.com/security-alerts/cpujan2022.html
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID is CVE-2021-43395.
What is the severity level of CVE-2021-43395?
The severity level of CVE-2021-43395 is medium with a score of 5.5.
Which software versions are affected by CVE-2021-43395?
CVE-2021-43395 affects illumos before f859e7171bb5db34321e45585839c6c3200ebb90, OmniOS Community Edition r151038, OpenIndiana Hipster 2021.04, and SmartOS 20210923.
How can a local unprivileged user exploit CVE-2021-43395?
A local unprivileged user can cause a deadlock and kernel panic by crafting rename and rmdir calls on tmpfs filesystems.
Are there any references or resources available for CVE-2021-43395?
Yes, you can find more information about CVE-2021-43395 at the following links: [http://www.tribblix.org/relnotes.html](http://www.tribblix.org/relnotes.html), [https://github.com/illumos/illumos-gate/blob/069654420de4aade43c63c43cd2896e66945fc8a/usr/src/uts/common/fs/tmpfs/tmp_vnops.c](https://github.com/illumos/illumos-gate/blob/069654420de4aade43c63c43cd2896e66945fc8a/usr/src/uts/common/fs/tmpfs/tmp_vnops.c), [https://github.com/illumos/illumos-gate/blob/b3403853e80914bd0aade9b5b605da4878078173/usr/src/uts/common/fs/tmpfs/tmp_dir.c](https://github.com/illumos/illumos-gate/blob/b3403853e80914bd0aade9b5b605da4878078173/usr/src/uts/common/fs/tmpfs/tmp_dir.c)
- collector/nvd-index
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/type
- agent/description
- agent/event
- agent/last-modified-date
- agent/remedy
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/illumos
- canonical/illumos illumos
- vendor/omniosce
- canonical/omniosce omnios
- version/omniosce omnios/r151038
- vendor/openindiana
- canonical/openindiana openindiana
- version/openindiana openindiana/hipster_2021.04
- vendor/joyent
- canonical/joyent smartos
- version/joyent smartos/20210923
- vendor/oracle
- canonical/oracle solaris
- version/oracle solaris/10
- version/oracle solaris/11