5.5

CVE-2021-43395

Exploit

An issue was discovered in illumos before f859e7171bb5db34321e45585839c6c3200ebb90, OmniOS Community Edition r151038, OpenIndiana Hipster 2021.04, and SmartOS 20210923. A local unprivileged user can cause a deadlock and kernel panic via crafted rename and rmdir calls on tmpfs filesystems. Oracle Solaris 10 and 11 is also affected.

Data is provided by the National Vulnerability Database (NVD)
IllumosIllumos Version < 2022-01-18
OmniosceOmnios Versionr151038 SwEditioncommunity
OpenindianaOpenindiana Versionhipster_2021.04
JoyentSmartos Version20210923
OracleSolaris Version10
OracleSolaris Version11
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.01% 0.017
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-667 Improper Locking

The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

http://www.tribblix.org/relnotes.html
Third Party Advisory
Release Notes
https://kebe.com/blog/?p=505
Third Party Advisory
https://www.illumos.org/issues/14424
Patch
Vendor Advisory
Issue Tracking