Versions Affected : All verisons prior to FreeNAS 11.3-U5


Description

A number of AMD virtualization instructions operate on host physical addresses, are not subject to nested page table translation, and guest use of these instructions was not trapped.

From kernel mode a malicious guest can write to arbitrary host memory (with some constraints), affording the guest full control of the host.


Workaround

No workaround is available.


Mitigation

  • Upgrade to FreeNAS 11.3-U5 or later.

Commit


Further information