Date: Wed, 19 Dec 2018 05:08:07 -0500 (EST)
From: Vladis Dronov <vdronov@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE-2018-16884: Linux kernel: nfs: use-after-free in
 svc_process_common()

Heololo,

A flaw was found in the Linux kernel in the NFS4 subsystem. NFS41+ shares mounted
in different network namespaces at the same time can make bc_svc_process() use the wrong
back-channel id and cause a use-after-free. Thus a malicious container user can cause
a host kernel memory corruption and a system panic. Due to the nature of the flaw,
privilege escalation cannot be fully ruled out.

The CVE-2018-16884 id was assigned to this flaw and proposed to MITRE. We would like
to suggest using this id in public communications regarding this flaw.

A proposed patchset and a discussion:

https://patchwork.kernel.org/cover/10733767/

https://patchwork.kernel.org/patch/10733769/

References:

https://bugzilla.redhat.com/show_bug.cgi?id=1660375

Best regards,
Vladis Dronov | Red Hat, Inc. | Product Security Engineer
