Versions Affected : All versions prior to TrueNAS 12.0-U3


Description

A particular case of memory sharing is mishandled in the virtual memory system.

It is possible and legal to establish a relationship where multiple descendant processes share a mapping which shadows memory of an ancestor process. In this scenario, when one process modifies memory through such a mapping, the copy-on-write logic fails to invalidate other mappings of the source page. These stale mappings may remain even after the mapped pages have been reused for another purpose. An unprivileged local user process can maintain a mapping of a page after it is freed, allowing that process to read private data belonging to other processes or the kernel.


Workaround

No general workaround is available.


Mitigation

  • Upgrade to TrueNAS 12.0-U3 or later.

Commit


Further information