TPS-2022-001 tmpfs induced panic

Overview

An unprivileged user, including users in a zone, with access to a tmpfs can induce a system panic resulting in the system rebooting.

Actions taken by Joyent

A new platform image is available in the release channel (20220118T183559Z), and updated SmartOS boot images are available in Manta.

Actions You Need to Take

Triton Operators

This platform should be installed and assigned to all SmartOS compute nodes. You can use the following commands to prepare the new platform image.

sdcadm platform install -C release 20220118T183559Z
sdcadm platform assign 20220118T183559Z $(sdc-server lookup system_type=SunOS)

Once each compute node is rebooted, it can no longer be affected by this issue.

SmartOS stand-alone Users

Stand alone SmartOS servers should be rebooted to the appropriate image.

• https://us-east.manta.joyent.com/Joyent_Dev/public/SmartOS/20220118T183559Z/smartos-20220118T183559Z-USB.img.gz
• https://us-east.manta.joyent.com/Joyent_Dev/public/SmartOS/20220118T183559Z/smartos-20220118T183559Z.iso
• https://us-east.manta.joyent.com/Joyent_Dev/public/SmartOS/20220118T183559Z/smartos-20220118T183559Z.vmwarevm.tar.gz

If you are using a bootable pool, you can install the updated image using piadm.

piadm install 20220118T183559Z
piadm activate 20220118T183559Z

Support

If you are a Joyent customer and have any further questions or concerns after reading the information provided above, please contact Joyent Support.

If you are an Open Source SmartOS/Triton user, please direct any further questions to the SmartOS Community Mailing Lists and IRC.

References

• https://illumos.topicbox.com/groups/developer/T1c9e4f27f8c2f959/security-heads-up-illumos14424