TPS-2023-002 illumos#15822 bhyve fget_str buffer overflow (FreeBSD-SA-23:07)

Overview

A vulnerability in bhyve has been reported to the FreeBSD developers (FreeBSD-SA-23:07): a guest can overflow a buffer in bhyve's fget_str(), potentially allowing code execution in the bhyve host process, outside the context of the VM.

On SmartOS, the bhyve process runs in a non-privileged zone, which limits the potential impact: code that escapes the VM into the bhyve process is still confined by that zone. Stack-smashing protection in the illumos platform shipped with SmartOS may also hinder exploitation.

Actions Taken by Us

This issue has been fixed in illumos#15822. release-20230727 (platform stamp 20230804T193934Z) is now available and includes the fix.

Actions You Need to Take

Triton Operators

The new platform image is available in both the release and support channels. Install it, assign it to all SmartOS compute nodes, and schedule reboots at the earliest convenience.

You can use the following commands to install the new platform image and assign it to all SmartOS compute nodes:

sdcadm platform install -C release 20230804T193934Z
sdcadm platform assign 20230804T193934Z $(sdc-server lookup system_type=SunOS)

Once a compute node has been rebooted onto the new platform, it is no longer affected by this issue. Until it reboots, assigning the platform alone provides no protection.
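The check an operator wants after assigning the platform is which nodes are still booted on an older stamp. The following script is an added example, not part of the original advisory or of the Triton tooling. It assumes platform stamps are fixed-width YYYYMMDDTHHMMSSZ strings (so they order numerically once the letters are stripped) and that the inventory can be produced as one line per node of "hostname current_platform boot_platform", for example with sdc-server list -H -o hostname,current_platform,boot_platform (field names assumed; confirm them on your Triton version). The sample inventory inside the script is constructed. The same comparison works on a stand-alone server's uname -v output, whose joyent_ prefix the digit stripping removes.

```shell
#!/bin/sh
# Added example (not from the advisory): report compute nodes that are not yet
# running the fixed platform. Fails closed: an unparseable stamp counts as
# not fixed.

FIXED_PLATFORM="20230804T193934Z"   # stamp named in the advisory

# stamp_to_num STAMP
#   Reduce a platform stamp such as 20230804T193934Z (or joyent_20230804T193934Z
#   from `uname -v`) to its 14 digits so it can be compared as an integer.
stamp_to_num() {
    printf '%s' "$1" | tr -cd '0-9'
}

# platform_is_fixed STAMP
#   Returns 0 when STAMP is the fixed platform or newer, 1 otherwise
#   (including malformed or empty stamps).
platform_is_fixed() {
    n=$(stamp_to_num "$1")
    case "$n" in
        [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]) ;;
        *) return 1 ;;   # not a 14-digit stamp: treat as not fixed
    esac
    [ "$n" -ge "$(stamp_to_num "$FIXED_PLATFORM")" ]
}

# report_unfixed
#   Reads "hostname current_platform boot_platform" lines on stdin and prints
#   one line per node that is still exposed, distinguishing "assigned but not
#   rebooted" from "not assigned at all".
report_unfixed() {
    while read -r host current boot; do
        [ -n "$host" ] || continue
        if platform_is_fixed "$current"; then
            continue                       # booted on the fixed platform
        elif platform_is_fixed "$boot"; then
            echo "$host: assigned $boot but still running $current (reboot pending)"
        else
            echo "$host: running $current, fixed platform not yet assigned"
        fi
    done
}

# Constructed sample inventory (assumed field layout): one node done, one
# assigned but not rebooted, one untouched.
SAMPLE='cn0 20230804T193934Z 20230804T193934Z
cn1 20230629T000000Z 20230804T193934Z
cn2 20230629T000000Z 20230629T000000Z'

# count_unfixed
#   Number of exposed nodes in the sample inventory.
count_unfixed() {
    printf '%s\n' "$SAMPLE" | report_unfixed | wc -l | tr -d ' '
}

printf '%s\n' "$SAMPLE" | report_unfixed
```

In production, replace SAMPLE with the live inventory command and treat any node the report lists as still vulnerable, whatever its assigned boot platform says.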

SmartOS Stand-alone Users

Stand-alone SmartOS servers should be rebooted onto the fixed platform image, 20230804T193934Z.

If you are using a bootable pool, you can install and activate the updated image using piadm:

piadm install 20230804T193934Z
piadm activate 20230804T193934Z

Support

If you are an MNX customer and have any further questions or concerns after reading the information provided above, please contact MNX Support.

If you are an Open Source SmartOS/Triton user, please direct any further questions to the SmartOS Community Mailing Lists and IRC.

References