Versions Affected : All versions prior to TrueNAS 12.0-U5


Description

A programming error in the Linux compatibility layer futex(2) system call might allow attackers to cause a denial of service.

It is possible for an unprivileged local attacker to specify a negative wake or requeue value for futex_requeue, which may result in a signed integer overflow.
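
The defensive pattern for this bug class is shown below as an added example. It is a simplified user-space model, not the FreeBSD or TrueNAS source and not the actual fix. The names model_requeue and requeue_result are hypothetical.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>

/* Hypothetical user-space model of a futex requeue request: `waiters`
 * threads sleep on the source queue, up to nr_wake are woken and up to
 * nr_requeue of the remainder are moved to the target queue. */
struct requeue_result {
    int woken;
    int requeued;
};

static int min_int(int a, int b) { return a < b ? a : b; }

/* Returns 0 on success, -EINVAL when a caller-supplied count is negative. */
int model_requeue(int waiters, int nr_wake, int nr_requeue,
                  struct requeue_result *out)
{
    /* Both counts are signed and caller-controlled: reject negatives
     * before they reach any arithmetic or loop bound. */
    if (waiters < 0 || nr_wake < 0 || nr_requeue < 0)
        return -EINVAL;

    /* Derive each bound by comparison and subtraction of non-negative
     * values. nr_wake + nr_requeue is never formed, so a legitimate
     * request such as (1, INT_MAX) cannot overflow. */
    out->woken = min_int(waiters, nr_wake);
    out->requeued = min_int(waiters - out->woken, nr_requeue);
    return 0;
}

int main(void)
{
    /* Constructed sample requests: {waiters, nr_wake, nr_requeue}. */
    int cases[][3] = { {10, 2, 3}, {5, 1, INT_MAX}, {5, -1, 1}, {5, 1, -7} };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        struct requeue_result r = {0, 0};
        int rc = model_requeue(cases[i][0], cases[i][1], cases[i][2], &r);
        printf("wake=%d requeue=%d -> rc=%d woken=%d requeued=%d\n",
               cases[i][1], cases[i][2], rc, r.woken, r.requeued);
    }
    return 0;
}
```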


Workaround

No workaround is available. Systems not using the Linux binary compatibility layer are not affected.


Mitigation

  • Upgrade to TrueNAS 12.0-U5 or later.

Commit


Further information