Versions Affected : All versions prior to TrueNAS 12.0-U2
Some OSes (including Linux, FreeBSD, and NetBSD) are processing watch events using a single thread.
If the events are received faster than the thread is able to handle, they will get queued. As the queue is unbound, a guest may be able to trigger a OOM in the backend. As a result a malicious guest can trigger an OOM in backends.
No workaround is available. FreeBSD systems not using Xen are not affected.
- Upgrade to TrueNAS 12.0-U2 or later.
- FreeBSD Revision : r369177
- TrueNAS Commit : ddd70e3
- TrueNAS Commit : ba906d7
- TrueNAS Commit : 55a27c9
- JIRA Ticket : NAS-109168