Versions Affected : All verisons prior to 11.3-U3.2


Description

The SCTP layer does improper checking when an application tries to update a shared key.

Therefore an unprivileged local user can trigger a use-after- free situation, for example by specific sequences of updating shared keys and closing the SCTP association. Triggering the use-after-free situation may result in unintended kernel behaviour including a kernel panic.


Workaround

No workaround is available.


Mitigation

  • Upgrade to FreeNAS 11.3-U3.2 or later.

Commit


Further information