A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
16 May 2023, 10:49
Type | Values Removed | Values Added |
---|---|---|
References | (REDHAT) https://access.redhat.com/errata/RHSA-2019:1873 - Third Party Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2019:1891 - Third Party Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2020:0204 - Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpuApr2021.html - Third Party Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2019:2730 - Third Party Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2019:2696 - Third Party Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2019:3517 - Third Party Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/3981-2/ - Third Party Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/3980-1/ - Third Party Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/3981-1/ - Third Party Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/3980-2/ - Third Party Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2019:3309 - Third Party Advisory | |
CPE | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
13 Feb 2023, 04:52
Type | Values Removed | Values Added |
---|---|---|
References |
|
02 Feb 2023, 16:18
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:* | |
References |
|
14 Jun 2021, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2018-12-18 22:29
Updated : 2023-12-10 12:44
NVD link : CVE-2018-16884
Mitre link : CVE-2018-16884
CVE.ORG link : CVE-2018-16884
JSON object : View
Products Affected
redhat
- enterprise_linux
- enterprise_mrg
canonical
- ubuntu_linux
debian
- debian_linux
linux
- linux_kernel
CWE
CWE-416
Use After Free