PT-2018-2681 · Linux+5 · Linux Kernel+5

Published

2015-06-03

·

Updated

2023-08-11

·

CVE-2018-16884

CVSS v3.1

8.0

High

VectorAV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The issue is related to a use-after-free vulnerability in the Linux kernel's NFS41+ subsystem. This vulnerability can be exploited when NFS41+ shares are mounted in different network namespaces at the same time, causing the bc svc process() function to use incorrect back-channel IDs. A malicious container user can potentially cause host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALT-PU-2015-1485
ALT-PU-2015-1849
ALT-PU-2019-1056
ALT-PU-2019-1057
ALT-PU-2019-1139
BDU:2019-01341
CESA-2019_1873
CESA-2019_3309
CESA-2019_3517
CVE-2018-16884
DLA-1731-1
DLA-1731-2
DLA-1771-1
MGASA-2019-0097
MGASA-2019-0098
MGASA-2019-0171
OPENSUSE-SU-2019:0065-1
OPENSUSE-SU-2019_0065-1
OPENSUSE-SU-2019_0140-1
RHSA-2019:1873
RHSA-2019:1891
RHSA-2019:2696
RHSA-2019:2730
RHSA-2019:3309
RHSA-2019:3517
RHSA-2019_1873
RHSA-2019_1891
RHSA-2019_3309
RHSA-2019_3517
RHSA-2020:0204
RHSA-2020:2854
SUSE-SU-2019:0148-1
SUSE-SU-2019:0150-1
SUSE-SU-2019:0196-1
SUSE-SU-2019:0222-1
SUSE-SU-2019:0224-1
SUSE-SU-2019:0236-1
SUSE-SU-2019:0298-1
SUSE-SU-2019:0320-1
SUSE-SU-2019:0326-1
SUSE-SU-2019:0356-1
SUSE-SU-2019:0439-1
SUSE-SU-2019:0541-1
SUSE-SU-2019:1289-1
SUSE-SU-2019_0236-1
SUSE-SU-2019_0326-1
SUSE-SU-2019_0356-1
USN-3932-1
USN-3932-2
USN-3980-1
USN-3980-2
USN-3981-1
USN-3981-2

Affected Products

Alt Linux
Centos
Linux Kernel
Red Hat
Suse
Ubuntu