MidnightBSD

Advisories for openindiana

CVE-2020-24718 HIGH

bhyve, as used in FreeBSD through 12.1 and illumos (e.g., OmniOS CE through r151034 and OpenIndiana through Hipster 2020.04), does not properly restrict VMCS and VMCB read/write operations, as demonstrated by a root user in a container on an Intel system, who can gain privileges by modifying VMCS_HOST_RIP.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.2 HIGH CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.5 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-862,

Products Affected

Vendor Product Version
openindiana openindiana *
netapp clustered_data_ontap -
omniosce omnios *
freebsd freebsd 11.3
freebsd freebsd 12.0
freebsd freebsd 11.4
freebsd freebsd 12.1
freebsd freebsd *
CVE-2021-43395

An issue was discovered in illumos before f859e7171bb5db34321e45585839c6c3200ebb90, OmniOS Community Edition r151038, OpenIndiana Hipster 2021.04, and SmartOS 20210923. A local unprivileged user can cause a deadlock and kernel panic via crafted rename and rmdir calls on tmpfs filesystems. Oracle Solaris 10 and 11 is also affected.

Products Affected

Vendor Product Version
oracle solaris 10
omniosce omnios r151038
joyent smartos 20210923
oracle solaris 11
illumos illumos *
openindiana openindiana hipster_2021.04