Versions Affected : All verisons prior to FreeNAS 11.3-U3.2


Description

The IPV6_2292PKTOPTIONS set handler was missing synchronization, so racing accesses could modify freed memory.

A malicious user application could trigger memory corruption, leading to privilege escalation.


Workaround

No workaround is available.


Mitigation

  • Upgrade to FreeNAS 11.3-U4.1 or later.

Commit


Further information