First published: Tue Nov 27 2018(Updated: )
A flaw was found in the Linux kernel in the NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel id and cause a use-after-free. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. References: <a href="https://seclists.org/oss-sec/2018/q4/267">https://seclists.org/oss-sec/2018/q4/267</a> A proposed patchset: <a href="https://patchwork.kernel.org/cover/10733767/">https://patchwork.kernel.org/cover/10733767/</a> <a href="https://patchwork.kernel.org/patch/10733769/">https://patchwork.kernel.org/patch/10733769/</a>
Credit: secalert@redhat.com secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/kernel-rt | <0:3.10.0-957.27.2.rt56.940.el7 | 0:3.10.0-957.27.2.rt56.940.el7 |
redhat/kernel | <0:3.10.0-957.27.2.el7 | 0:3.10.0-957.27.2.el7 |
redhat/kernel-alt | <0:4.14.0-115.26.1.el7a | 0:4.14.0-115.26.1.el7a |
redhat/kernel | <0:3.10.0-693.58.1.el7 | 0:3.10.0-693.58.1.el7 |
redhat/kernel-rt | <0:4.18.0-147.rt24.93.el8 | 0:4.18.0-147.rt24.93.el8 |
redhat/kernel | <0:4.18.0-147.el8 | 0:4.18.0-147.el8 |
redhat/kernel | <0:4.18.0-80.15.1.el8_0 | 0:4.18.0-80.15.1.el8_0 |
redhat/kernel-rt | <1:3.10.0-693.58.1.rt56.652.el6 | 1:3.10.0-693.58.1.rt56.652.el6 |
Linux Kernel | >=3.7<3.16.65 | |
Linux Kernel | >=3.17<3.18.133 | |
Linux Kernel | >=3.19<4.4.171 | |
Linux Kernel | >=4.5<4.9.151 | |
Linux Kernel | >=4.10<4.14.94 | |
Linux Kernel | >=4.15<4.19.16 | |
Linux Kernel | >=4.20<4.20.3 | |
Red Hat Enterprise Linux | =7.0 | |
Red Hat Enterprise MRG | =2.0 | |
Debian GNU/Linux | =8.0 | |
Ubuntu Linux | =14.04 | |
Ubuntu Linux | =16.04 | |
debian/linux | 5.10.223-1 5.10.226-1 6.1.123-1 6.1.128-1 6.12.12-1 6.12.13-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)
CVE-2018-16884 is considered a critical vulnerability due to its potential to cause kernel memory corruption.
To fix CVE-2018-16884, update the kernel to one of the patched versions specified by your distribution, such as kernel-rt or kernel for Red Hat and Debian.
CVE-2018-16884 affects various Linux kernel versions, particularly those in Red Hat and Debian distributions.
CVE-2018-16884 can be exploited by a malicious container user to cause a use-after-free condition and potential kernel memory corruption.
To determine if your kernel version is safe from CVE-2018-16884, compare it with the known vulnerable versions listed in security advisories.