PT-2022-2027 · Oracle · Oracle Solaris

Hans Christian Woithe · Published 2022-01-19 · Updated 2023-08-08 · CVE-2021-43395

CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions:
illumos versions before f859e7171bb5db34321e45585839c6c3200ebb90
OmniOS Community Edition version r151038
OpenIndiana Hipster version 2021.04
SmartOS version 20210923
Oracle Solaris versions 10 and 11

Description: A local unprivileged user can cause a deadlock and kernel panic via crafted rename and rmdir calls on tmpfs filesystems. The issue stems from incorrect resource release during these operations, which allows an attacker to cause a denial of service.

Recommendations:
For illumos versions before f859e7171bb5db34321e45585839c6c3200ebb90, update to a version after f859e7171bb5db34321e45585839c6c3200ebb90 to resolve the issue.
For OmniOS Community Edition version r151038, update to a version after r151038.
For OpenIndiana Hipster version 2021.04, update to a version after 2021.04.
For SmartOS version 20210923, update to a version after 20210923.
For Oracle Solaris versions 10 and 11, apply the vendor's patches or updates to resolve the issue.
As a temporary workaround, consider restricting access to tmpfs filesystems to minimize the risk of exploitation.

Exploit · Fix

Weakness Enumeration
Improper Resource Release
Improper Locking

Related Identifiers
BDU:2022-01623
CVE-2021-43395

Affected Products
Oracle Solaris