Public Date:
1356471: CVE-2016-6213 kernel: Overflowing kernel mount table using shared bind mount
It was found that in Linux kernel the mount table expands by a power-of-two with each bind mount command. If a system is configured to allow non-privileged user to do bind mounts, or allows to do so in a container or unprivileged mount namespace, then non-privileged user is able to cause a local DoS by overflowing the mount table, which causes a deadlock for the whole system.

Find out more about CVE-2016-6213 from the MITRE CVE dictionary dictionary and NIST NVD.


This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, 7 and MRG-2 as of now due to the absence of unprivileged mount name spaces support.

Nevertheless, the unprivileged mount name spaces might be added to a future RHEL-7 version as a supported feature, so future Linux kernel updates for the respective releases might address this issue.

CVSS v2 metrics

Base Score 4
Base Metrics AV:L/AC:H/Au:N/C:N/I:N/A:C
Access Vector Local
Access Complexity High
Authentication None
Confidentiality Impact None
Integrity Impact None
Availability Impact Complete

CVSS v3 metrics

CVSS3 Base Score 4.7
CVSS3 Base Metrics CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity High
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity Impact None
Availability Impact High

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 7 (kernel) RHSA-2017:1842 2017-08-01
Red Hat Enterprise Linux for Real Time for NFV (v. 7) (kernel-rt) RHSA-2017:2077 2017-08-01

Affected Packages State

Platform Package State
Red Hat Enterprise MRG 2 realtime-kernel Not affected
Red Hat Enterprise Linux 6 kernel Not affected
Red Hat Enterprise Linux 5 kernel Not affected
Unless explicitly stated as not affected, all previous versions of packages in any minor update stream of a product listed here should be assumed vulnerable, although may not have been subject to full analysis.


This issue was discovered by Qian Cai (Red Hat).
Last Modified