Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Fri, 19 Jan 2018 11:40:09 -0500 (EST)
From: Vladis Dronov <vdronov@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE-2018-1049: systemd: automount: access to automounted volumes
 can lock up

Heololo,

In systemd prior to v234 a race exists between .mount and .automount units such
that automount requests from kernel may not be serviced by systemd resulting in
kernel holding the mountpoint and any processes that try to use said mount will
hang. A race like this may lead to denial of service, until mount points are
unmounted. This race is easily reproducible.

References:

https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1709649

https://github.com/coreos/bugs/issues/1630

https://bugzilla.redhat.com/show_bug.cgi?id=1534701

An upstream issue:

https://github.com/systemd/systemd/pull/5916

An upstream patch:

https://github.com/systemd/systemd/commit/e7d54bf58789545a9eb0b3964233defa0b007318

Best regards,
Vladis Dronov | Red Hat, Inc. | Product Security Engineer

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ