oss-sec mailing list archives
CVE-2018-1049: systemd: automount: access to automounted volumes can lock up
From: Vladis Dronov <vdronov () redhat com>
Date: Fri, 19 Jan 2018 11:40:09 -0500 (EST)
Heololo, In systemd prior to v234 a race exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race like this may lead to denial of service, until mount points are unmounted. This race is easily reproducible. References: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1709649 https://github.com/coreos/bugs/issues/1630 https://bugzilla.redhat.com/show_bug.cgi?id=1534701 An upstream issue: https://github.com/systemd/systemd/pull/5916 An upstream patch: https://github.com/systemd/systemd/commit/e7d54bf58789545a9eb0b3964233defa0b007318 Best regards, Vladis Dronov | Red Hat, Inc. | Product Security Engineer
Current thread:
- CVE-2018-1049: systemd: automount: access to automounted volumes can lock up Vladis Dronov (Jan 19)