PT-2018-2737 · Systemd+5 · Systemd+5

Pedro Sampaio

Published

2017-07-17

Updated

2022-01-31

CVE-2018-1049

CVSS v3.1

5.9

Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions systemd versions prior to 234

Description The issue is related to a race condition between .mount and .automount units in systemd. This condition may cause the kernel to hold a mountpoint, leading to processes hanging when trying to use the mount. The race condition can result in a denial of service until the mount points are unmounted. The vulnerability is also described as being related to the simultaneous use of a shared resource and synchronization errors, which can be exploited by a remote attacker to cause a denial of service.

Recommendations For versions prior to 234, update to version 234 or later to resolve the issue. At the moment, there is no other information about additional mitigation measures for this vulnerability.

Fix

DoS

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-362

Related Identifiers

ALT-PU-2017-1893

BDU:2019-01640

CESA-2018_0260

CVE-2018-1049

DLA-1580-1

MGASA-2018-0094

RHSA-2018:0260

RHSA-2018_0260

SUSE-SU-2018:0299-1

USN-3558-1

Affected Products

Alt Linux

Centos

Red Hat

Suse

Ubuntu

Systemd

PT-2018-2737 · Systemd+5 · Systemd+5

CVE-2018-1049

Weakness Enumeration

Related Identifiers

Affected Products

References · 62