Versions Affected : All verisons prior to FreeNAS 11.3-U2


Description

When a TCP server transmits or retransmits a TCP SYN-ACK segment over IPv6, the Traffic Class field is not initialized.

This also applies to challenge ACK segments, which are sent in response to received RST segments during the TCP connection setup phase. For each TCP SYN-ACK (or challenge TCP-ACK) segment sent over IPv6, one byte of kernel memory is transmitted over the network.


Workaround

No workaround is available. Systems not using IPv6 are unaffected.


Mitigation

  • Upgrade to FreeNAS 11.3-U2 or later.

Commit


Further information