Date: Fri, 19 Jan 2018 11:40:09 -0500 (EST) From: Vladis Dronov <vdronov@...hat.com> To: oss-security@...ts.openwall.com Subject: CVE-2018-1049: systemd: automount: access to automounted volumes can lock up Heololo, In systemd prior to v234 a race exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race like this may lead to denial of service, until mount points are unmounted. This race is easily reproducible. References: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1709649 https://github.com/coreos/bugs/issues/1630 https://bugzilla.redhat.com/show_bug.cgi?id=1534701 An upstream issue: https://github.com/systemd/systemd/pull/5916 An upstream patch: https://github.com/systemd/systemd/commit/e7d54bf58789545a9eb0b3964233defa0b007318 Best regards, Vladis Dronov | Red Hat, Inc. | Product Security Engineer
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.