oss-sec mailing list archives
CVE-2018-16884: Linux kernel: nfs: use-after-free in svc_process_common()
From: Vladis Dronov <vdronov () redhat com>
Date: Wed, 19 Dec 2018 05:08:07 -0500 (EST)
Hello,

A flaw was found in the Linux kernel in the NFS4 subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use the wrong back-channel id and cause a use-after-free. Thus a malicious container user can cause host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.

The CVE-2018-16884 id was assigned to this flaw and proposed to MITRE. We would like to suggest using this id in public communications regarding this flaw.

A proposed patchset and a discussion:

https://patchwork.kernel.org/cover/10733767/
https://patchwork.kernel.org/patch/10733769/

References:

https://bugzilla.redhat.com/show_bug.cgi?id=1660375

Best regards,
Vladis Dronov | Red Hat, Inc. | Product Security Engineer