CVE-2018-16884

Impact:
Important
Public Date:
2018-11-27
CWE:
CWE-416
Bugzilla:
1660375: CVE-2018-16884 kernel: nfs: use-after-free in svc_process_common()
A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.

Find out more about CVE-2018-16884 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v3 metrics

NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.

CVSS3 Base Score 6.5
CVSS3 Base Metrics CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:H
Attack Vector Adjacent Network
Attack Complexity High
Privileges Required Low
User Interaction None
Scope Changed
Confidentiality None
Integrity Impact Low
Availability Impact High

Affected Packages State

Platform Package State
Red Hat Enterprise MRG 2 kernel-rt Affected
Red Hat Enterprise Linux 8 kernel Affected
Red Hat Enterprise Linux 8 kernel-rt Affected
Red Hat Enterprise Linux 7 kernel-alt Affected
Red Hat Enterprise Linux 7 kernel Affected
Red Hat Enterprise Linux 7 kernel-rt Affected
Red Hat Enterprise Linux 6 kernel Not affected
Red Hat Enterprise Linux 5 kernel Not affected

Acknowledgements

Red Hat would like to thank Vasily Averin (Virtuozzo) and Evgenii Shatokhin (Virtuozzo) for reporting this issue.
Last Modified