A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
16 May 2023, 10:49
Type | Values Removed | Values Added |
---|---|---|
References | (REDHAT) https://access.redhat.com/errata/RHSA-2019:2696 - Third Party Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2020:0204 - Third Party Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2019:1873 - Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpuApr2021.html - Third Party Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2019:3517 - Third Party Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/3981-1/ - Third Party Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2019:3309 - Third Party Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/3981-2/ - Third Party Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/3980-2/ - Third Party Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/3980-1/ - Third Party Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2019:1891 - Third Party Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2019:2730 - Third Party Advisory | |
CPE | cpe:2.3:a:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:* |
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:* |
14 Jun 2021, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2018-12-18 22:29
Updated : 2024-02-04 20:03
NVD link : CVE-2018-16884
Mitre link : CVE-2018-16884
CVE.ORG link : CVE-2018-16884
JSON object : View
Products Affected
canonical
- ubuntu_linux
redhat
- enterprise_mrg
- enterprise_linux
linux
- linux_kernel
debian
- debian_linux
CWE
CWE-416
Use After Free