Get a Quote (408) 943-4100

Commercial Support

TrueNAS.com Software Systems Company Community Security iX Portal Download

Docs Navigation

TrueNAS CORE TrueNAS Enterprise TrueNAS SCALE TrueCommand Help Me Choose FreeNAS

Systems Overview M-Series X-Series R-Series Mini Series

Blog In the News TrueNAS Store iXsystems Careers

TrueNAS GitHub Community Forum Discord TrueNAS Merch Store

Application Asigra TrueNAS Solution Backup Big Data Cloud Multimedia Virtualization

Industry Education Finance Government Healthcare High-Tech Media & Entertainment

Support Documentation TrueNAS Security Blog Case Studies White Papers Solution Briefs iX Portal Plugins & Apps ZFS

Download TrueNAS CORE

Download TrueNAS SCALE

Get TrueNAS Enterprise

contrib lib9p

core

TrueNAS 13.0

FreeBSD-SA-22:12.lib9p : Missing bounds check in 9p message handlingc

2022-08-19

Versions Affected : All versions prior to TrueNAS 13.0-U2

Description

The implementation of lib9p’s handling of RWALK messages was missing a bounds check needed when unpacking the message contents. The missing check means that the receipt of a specially crafted message will cause lib9p to overwrite unrelated memory.

The bug can be triggered by a malicious bhyve guest kernel to overwrite memory in the bhyve(8) process. This could potentially lead to user-mode code execution on the host, subject to bhyve’s Capsicum sandbox.

Workaround

No workaround is available. Systems not using bhyve’s virtio-9p device model are not affected.

Mitigation

Upgrade to TrueNAS 13.0-U2 or later.

Commit

Further information

FreeBSD Errata Notice Entry