Versions Affected: All versions prior to TrueNAS 12.0-U2


Description

Some OSes (including Linux, FreeBSD, and NetBSD) process watch events using a single thread.

If events arrive faster than the thread can handle them, they are queued. Because the queue is unbounded, a malicious guest can trigger an out-of-memory (OOM) condition in the backend.
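The queue growth described above can be seen in a small model. This is an added example, not code from the advisory or from Xen, FreeBSD or TrueNAS; the per-guest cap, the rates and all names (`simulate`, `per_guest_cap`) are assumptions chosen for illustration.

```c
#include <stdio.h>
#define NGUESTS 2

/* Constructed model, not Xen or FreeBSD code. Each tick, guest g fires
 * rate[g] watch events and the single handler thread dequeues exactly one.
 * per_guest_cap == 0 models the unbounded queue; a non-zero cap is an
 * assumed policy that drops events once a guest has that many pending. */
struct result { long peak_depth; long dropped[NGUESTS]; long handled[NGUESTS]; };

struct result simulate(int rate0, int rate1, long ticks, long per_guest_cap)
{
    const int rate[NGUESTS] = { rate0, rate1 };
    struct result r = {0};
    long pending[NGUESTS] = {0};
    int next = 0;   /* handler alternates between guests with pending events */

    for (long t = 0; t < ticks; t++) {
        long depth = 0;
        for (int g = 0; g < NGUESTS; g++) {
            for (int i = 0; i < rate[g]; i++) {
                if (per_guest_cap && pending[g] >= per_guest_cap)
                    r.dropped[g]++;   /* bounded: refused, nothing allocated */
                else
                    pending[g]++;     /* one more queued event held in memory */
            }
            depth += pending[g];
        }
        if (depth > r.peak_depth)
            r.peak_depth = depth;
        for (int k = 0; k < NGUESTS; k++) {   /* the single consumer thread */
            int g = (next + k) % NGUESTS;
            if (pending[g]) {
                pending[g]--;
                r.handled[g]++;
                next = (g + 1) % NGUESTS;
                break;
            }
        }
    }
    return r;
}

int main(void)
{
    struct result u = simulate(50, 0, 10000, 0);    /* guest 0 floods, no cap */
    struct result b = simulate(50, 0, 10000, 64);   /* same flood, cap of 64 */
    printf("unbounded peak=%ld capped peak=%ld dropped=%ld\n", u.peak_depth, b.peak_depth, b.dropped[0]);
    return 0;
}
```

Without a cap the backlog grows linearly with time for as long as the guest keeps firing events; with a cap the backlog stays constant and the excess is dropped instead of stored.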


Workaround

No workaround is available. FreeBSD systems not using Xen are not affected.


Mitigation

  • Upgrade to TrueNAS 12.0-U2 or later.

Commit


Further information