TPS-2023-001 illumos kernel CVE-2023-31284
Overview
A vulnerability has been found in the illumos kernel (CVE-2023-31284) that allows local users, including non-root users in zones, to panic the system.
Operators of any environment running untrusted workloads (e.g., public cloud environments) are strongly urged to update (see Actions You Need to Take below).
Actions Taken by Us
This issue has been fixed in illumos#15586. release-20230504 (platform stamp 20230504T000449Z), which includes the fix, is now available.
Actions You Need to Take
Triton Operators
The new platform image is now available in both the release and support
channels. This platform should be installed and assigned to all SmartOS compute
nodes and reboots scheduled for the earliest convenience.
You can use the following commands to prepare the new platform image.
sdcadm platform install -C release 20230504T000449Z
sdcadm platform assign 20230504T000449Z $(sdc-server lookup system_type=SunOS)
Once each compute node is rebooted, it can no longer be affected by this issue.
SmartOS Stand-alone Users
Stand-alone SmartOS servers should be rebooted to the appropriate image.
- https://us-central.manta.mnx.io/Joyent_Dev/public/SmartOS/20230504T000449Z/smartos-20230504T000449Z-USB.img.gz
- https://us-central.manta.mnx.io/Joyent_Dev/public/SmartOS/20230504T000449Z/smartos-20230504T000449Z.iso
- https://us-central.manta.mnx.io/Joyent_Dev/public/SmartOS/20230504T000449Z/smartos-20230504T000449Z.vmwarevm.tar.gz
If you are using a bootable pool, you can install the updated image using piadm.
piadm install 20230504T000449Z
piadm activate 20230504T000449Z
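A node is only protected once it has actually booted the new platform, so it is worth confirming the running stamp after the reboot. The script below is an added example, not part of the advisory or of the SmartOS/Triton tooling. It assumes `uname -v` reports the platform as `joyent_<stamp>`, that any stamp at or after 20230504T000449Z contains the fix, and that you supply an inventory of "hostname version" lines collected however you prefer; the function names, the `--live` flag and the sample inventory are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the advisory. Assumptions: `uname -v` prints
# joyent_<YYYYMMDDTHHMMSSZ>, and any stamp at or after FIXED_STAMP has the fix.
FIXED_STAMP=20230504T000449Z   # platform stamp named in the advisory

# stamp_to_num STAMP: print YYYYMMDDHHMMSS, or fail if STAMP is malformed.
stamp_to_num() {
    case "$1" in
        [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]T[0-9][0-9][0-9][0-9][0-9][0-9]Z) ;;
        *) return 1 ;;
    esac
    s=${1%Z}
    printf '%s%s\n' "${s%T*}" "${s#*T}"
}

# platform_is_fixed VERSION: 0 = fixed, 1 = older platform, 2 = unparseable.
platform_is_fixed() {
    have=$(stamp_to_num "${1#joyent_}") || return 2
    want=$(stamp_to_num "$FIXED_STAMP") || return 2
    [ "$have" -ge "$want" ]
}

# pending_nodes: read "hostname version" lines on stdin and print every host
# not confirmed fixed (older platform, or a version that cannot be parsed).
pending_nodes() {
    while read -r host version; do
        [ -n "$host" ] || continue
        platform_is_fixed "$version" || printf '%s\n' "$host"
    done
}

# Constructed inventory: hostnames and all stamps except FIXED_STAMP are made up.
sample_inventory() {
    cat <<'EOF'
cn01 joyent_20230504T000449Z
cn02 joyent_20230420T000735Z
cn03 joyent_20230518T000601Z
cn04 unknown
EOF
}

# Stand-alone use on one node: run this script with --live (this example's flag).
if [ "${1:-}" = "--live" ]; then
    platform_is_fixed "$(uname -v)" && echo "fixed" || echo "not confirmed fixed"
fi
```

Hosts whose version string cannot be parsed are listed as pending rather than silently treated as fixed, so custom or unexpected platform builds get a manual look.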
Support
If you are an MNX customer and have any further questions or concerns after reading the information provided above, please contact MNX Support.
If you are an Open Source SmartOS/Triton user, please direct any further questions to the SmartOS Community Mailing Lists and IRC.