TPS-2023-001 illumos kernel CVE-2023-31284

Overview

A vulnerability has been found in the illumos kernel (CVE-2023-31284) that allows local users, including non-root users in zones, to panic the system.

Any environment running untrusted workloads (e.g., a public cloud environment) is strongly urged to update (see Actions You Need to Take below).

Actions Taken by Us

This issue has been fixed in illumos#15586. release-20230504 (platform stamp 20230504T000449Z), which includes the fix, is now available.

Actions You Need to Take

Triton Operators

The new platform image is now available in both the release and support channels. This platform should be installed and assigned to all SmartOS compute nodes, and reboots should be scheduled for the earliest convenience.

You can use the following commands to prepare the new platform image.

sdcadm platform install -C release 20230504T000449Z
sdcadm platform assign 20230504T000449Z $(sdc-server lookup system_type=SunOS)

Once each compute node is rebooted, it can no longer be affected by this issue.

SmartOS Stand-alone Users

Stand-alone SmartOS servers should be rebooted to the appropriate image.

If you are using a bootable pool, you can install the updated image using piadm.

piadm install 20230504T000449Z
piadm activate 20230504T000449Z
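
To confirm after the reboot that a host is running the fixed platform, the check below (an added example, not part of the original advisory or of the SmartOS tooling) compares the running platform stamp with 20230504T000449Z. It assumes that `uname -v` on SmartOS reports `joyent_<platform stamp>` and that any later-stamped platform is a release build that includes the fix.

```shell
#!/bin/sh
# Added example: is this platform stamp at or after the fixed platform
# named in the advisory?
FIXED_STAMP="20230504T000449Z"   # platform stamp taken from the advisory

# stamp_to_number STAMP -> prints YYYYMMDDHHMMSS; fails on a malformed stamp.
stamp_to_number() {
    case "$1" in
        [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]T[0-9][0-9][0-9][0-9][0-9][0-9]Z)
            d=${1%%T*}            # YYYYMMDD
            t=${1#*T}; t=${t%Z}   # HHMMSS
            printf '%s%s\n' "$d" "$t"
            ;;
        *)
            return 1
            ;;
    esac
}

# platform_status VERSION -> prints fixed | needs-update | unknown
# VERSION is a bare stamp or "joyent_<stamp>" (the assumed `uname -v` format).
# Anything that does not parse is reported as unknown, never as fixed.
platform_status() {
    stamp=${1#joyent_}
    have=$(stamp_to_number "$stamp") || { echo unknown; return 0; }
    want=$(stamp_to_number "$FIXED_STAMP")
    if [ "$have" -ge "$want" ]; then
        echo fixed
    else
        echo needs-update
    fi
}

# Report on the host this script runs on.
printf '%s: %s\n' "$(uname -n)" "$(platform_status "$(uname -v)")"
```

A result of `unknown` means the version string was not in the assumed format and the host should be checked by hand.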

Support

If you are an MNX customer and have any further questions or concerns after reading the information provided above, please contact MNX Support.

If you are an Open Source SmartOS/Triton user, please direct any further questions to the SmartOS Community Mailing Lists and IRC.
