Versions Affected: All versions prior to FreeNAS 11.3-U2


Description

The driver-specific ioctl(2) command handlers in oce(4) failed to check whether the caller has sufficient privileges to perform the corresponding operation.

The oce(4) handler permits unprivileged users to send passthrough commands to device firmware.


Workaround

No workaround is available. Systems that do not contain devices driven by oce(4) are unaffected.


Mitigation

  • Upgrade to FreeNAS 11.3-U2 or later.
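The two conditions above (an oce(4) device is present, and the release predates 11.3-U2) can be combined into a quick exposure check. This is an added example, not vendor code. It assumes oce(4) NICs appear as oceN in `ifconfig -l`, that the version string looks like "FreeNAS-11.3-U1", and that it can be read from /etc/version on a live host.

```shell
#!/bin/sh
# Added example: exposure triage for this advisory (not vendor code).

# True if an interface list (format of `ifconfig -l`) names an oce(4) NIC.
has_oce_nic() {
    for ifname in $1; do
        case "$ifname" in oce[0-9]*) return 0 ;; esac
    done
    return 1
}

# Prints fixed / affected / unknown for a string like "FreeNAS-11.3-U1".
# The fix boundary, 11.3-U2, is the one stated in the advisory.
version_status() {
    v=${1#FreeNAS-}; v=${v%% *}              # drop prefix and any " (build id)"
    case "$v" in [0-9]*.[0-9]*-*) ;; *) echo unknown; return 0 ;; esac
    train=${v%%-*}; rest=${v#*-}
    major=${train%%.*}; minor=${train#*.}
    case "$major$minor" in *[!0-9]*) echo unknown; return 0 ;; esac
    if [ "$major" -ne 11 ]; then
        [ "$major" -gt 11 ] && echo fixed || echo affected; return 0
    fi
    if [ "$minor" -ne 3 ]; then
        [ "$minor" -gt 3 ] && echo fixed || echo affected; return 0
    fi
    case "$rest" in
        U[0-9]*) u=${rest#U}; u=${u%%.*}     # "U2.1" -> 2
                 case "$u" in *[!0-9]*) echo unknown; return 0 ;; esac
                 [ "$u" -ge 2 ] && echo fixed || echo affected ;;
        RELEASE|BETA*|RC*) echo affected ;;  # pre-U1 builds of the 11.3 train
        *) echo unknown ;;
    esac
}

# $1 = interface list, $2 = version string
assess() {
    has_oce_nic "$1" || { echo "unaffected: no oce(4) device"; return 0; }
    case "$(version_status "$2")" in
        fixed)    echo "patched" ;;
        affected) echo "vulnerable: upgrade to FreeNAS 11.3-U2 or later" ;;
        *)        echo "unknown version: check manually" ;;
    esac
}

# Constructed sample input; on a live host (path assumed):
#   assess "$(ifconfig -l)" "$(cat /etc/version)"
assess "lo0 igb0 oce0" "FreeNAS-11.3-U1"
```

A renamed interface would not match the oceN pattern, so treat "unaffected" as a first-pass result on hosts where interfaces have been renamed.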

Commit


Further information