TPS-2026-001 SCTP wrong-sized-free and private options

Overview

Per an email sent to the illumos community, we have respun the 20260514 SmartOS release (which also accompanies the 20260514 Triton release) to fix this vulnerability. We recommend updating to this release, build stamp 20260522T154557Z, as soon as possible.

Actions Taken by Us

We have respun the 20260514 SmartOS release, build stamp 20260522T154557Z. All available image types (ISO, USB, Platform Image, and VMware image) can be installed for either standalone SmartOS or Triton deployments.

Future SmartOS releases, including the upcoming 20260528, will also have this issue fixed.

Actions You Need to Take

We recommend a platform image upgrade as soon as possible. Machines that have LX or Native zones should update immediately or use the hotpatch method cited below IF AND ONLY IF a reboot will unduly disrupt operations.

Threat Environment

This bug is a privilege-escalation bug. If your machine has Native or LX zones, a user in a non-global zone can possibly escalate their privilege, or at least induce a kernel panic. If your machine has only HVM zones (BHYVE or KVM), the risk is reduced, but the vulnerability could be used as part of an attack chain if HVM has a containment failure.

Upgrade for Triton or Standalone SmartOS

Compute nodes should be rebooted to platform image 20260522T154557Z or later to eliminate the potential vulnerability.

For Triton users

Execute the following commands from the headnode.

sdcadm platform install 20260522T154557Z -C release
sdcadm platform assign 20260522T154557Z --all
sdcadm platform set-default 20260522T154557Z

Schedule reboots for all compute nodes.

For SmartOS users with piadm

piadm install 20260522T154557Z
piadm activate 20260522T154557Z

Reboot the node.

For other SmartOS users

Update your boot media to use image 20260522T154557Z then reboot the node. Boot images are available from:

https://us-central.manta.mnx.io/Joyent_Dev/public/SmartOS/smartos.html

Hotpatch mitigation

If, AND ONLY IF, you are unable to reboot, any running platform image from 2024 to before the build stamp mentioned above can be hot-patched to stop the privilege escalation vector. Using the hotpatch will sabotage certain SCTP functionality, but given SCTP’s limited use, that should only be a problem for SCTP users.

See the mailing list email for how to apply the hotpatch. NOTE that it will revert if you reboot into a sufficiently old PI. This must be done
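
An added example (not part of the original advisory or of the SmartOS tooling): a POSIX shell check that classifies a node's platform image build stamp against the fixed stamp and the hotpatch window stated above. It assumes `uname -v` on SmartOS prints `joyent_<buildstamp>`; the function names, result labels and the sample stamps in the loop are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a platform image (PI) build stamp for TPS-2026-001.
# Assumption: `uname -v` on SmartOS prints "joyent_<buildstamp>".

FIXED_STAMP=20260522T154557Z   # respun build stamp named in this advisory
HOTPATCH_FROM_YEAR=2024        # advisory: hotpatch covers PIs "from 2024"

# Convert 20260522T154557Z to the integer 20260522154557; fail on bad input.
stamp_to_num() {
    case "$1" in
        [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]T[0-9][0-9][0-9][0-9][0-9][0-9]Z)
            s=${1%Z}
            printf '%s%s\n' "${s%T*}" "${s#*T}" ;;
        *) return 1 ;;
    esac
}

# Print one of: fixed | hotpatch-window | outside-hotpatch-window | unknown
classify_pi() {
    stamp=${1#joyent_}
    cur=$(stamp_to_num "$stamp") || { echo unknown; return 2; }
    fixed=$(stamp_to_num "$FIXED_STAMP")
    year=$(printf '%s' "$stamp" | cut -c1-4)
    if [ "$cur" -ge "$fixed" ]; then
        echo fixed                      # at or after the respun release
    elif [ "$year" -ge "$HOTPATCH_FROM_YEAR" ]; then
        echo hotpatch-window            # upgrade, or hotpatch if no reboot is possible
    else
        echo outside-hotpatch-window    # advisory offers no hotpatch: upgrade
    fi
}

# Constructed sample stamps (not real fleet data).
# On a node, run instead: classify_pi "$(uname -v)"
for v in joyent_20260522T154557Z joyent_20250101T000000Z joyent_20230101T000000Z; do
    printf '%s %s\n' "$v" "$(classify_pi "$v")"
done
```

Because the hotpatch reverts on reboot into an older PI, rerunning the check after any reboot confirms which state the node is actually in.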

Support

If you are a Triton Data Center customer and have any further questions or concerns after reading the information provided above, please contact your Triton Data Center Support channels.

If you are an Open Source SmartOS/Triton user, please direct any further questions to the SmartOS Community Mailing Lists and IRC.

References

Mailing list email