Hans Christian Woithe

#46348 of 53,633
5.5 Total CVSS
Vulnerabilities · 1
PT-2022-2027
5.5
2022-01-19
Oracle · Oracle Solaris · CVE-2021-43395
**Name of the Vulnerable Software and Affected Versions**

- illumos versions before f859e7171bb5db34321e45585839c6c3200ebb90
- OmniOS Community Edition version r151038
- OpenIndiana Hipster version 2021.04
- SmartOS version 20210923
- Oracle Solaris versions 10 and 11

**Description**

A local unprivileged user can cause a deadlock and kernel panic via crafted `rename` and `rmdir` calls on `tmpfs` filesystems. The issue is related to incorrect resource release, which can allow an attacker to cause a denial of service.

**Recommendations**

- For illumos versions before f859e7171bb5db34321e45585839c6c3200ebb90, update to a version after f859e7171bb5db34321e45585839c6c3200ebb90 to resolve the issue.
- For OmniOS Community Edition version r151038, update to a version after r151038.
- For OpenIndiana Hipster version 2021.04, update to a version after 2021.04.
- For SmartOS version 20210923, update to a version after 20210923.
- For Oracle Solaris versions 10 and 11, apply the necessary patches or updates to resolve the issue.

As a temporary workaround, consider restricting access to `tmpfs` filesystems to minimize the risk of exploitation.