oss-sec mailing list archives

CVE-2018-16884: Linux kernel: nfs: use-after-free in svc_process_common()


From: Vladis Dronov <vdronov () redhat com>
Date: Wed, 19 Dec 2018 05:08:07 -0500 (EST)

Heololo,

A flaw was found in the Linux kernel in the NFS4 subsystem. NFS41+ shares mounted
in different network namespaces at the same time can make bc_svc_process() use a wrong
back-channel id and cause a use-after-free. Thus a malicious container user can cause
host kernel memory corruption and a system panic. Due to the nature of the flaw,
privilege escalation cannot be fully ruled out.

The CVE-2018-16884 id was assigned to this flaw and proposed to MITRE. We would like
to suggest using this id in public communications regarding this flaw.

A proposed patchset and a discussion:

https://patchwork.kernel.org/cover/10733767/

https://patchwork.kernel.org/patch/10733769/

References:

https://bugzilla.redhat.com/show_bug.cgi?id=1660375

Best regards,
Vladis Dronov | Red Hat, Inc. | Product Security Engineer
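The advisory above ties the flaw to NFS 4.1 and later shares (the versions that use a back channel) mounted in more than one network namespace. The following shell function is an added example, not part of the advisory or of the kernel patchset: it reads `/proc/<pid>/mountinfo`-style input and lists the nfs4 mounts whose `vers` option is 4.1 or higher, which is what a defender would want to enumerate per container namespace when assessing exposure. The sample mountinfo lines and the `filer:/export/...` sources are constructed, not taken from a real host.

```shell
#!/bin/sh
# Added example (not part of the advisory): find NFS 4.1+ mounts in
# /proc/<pid>/mountinfo-style input. To survey containers, feed it the
# mountinfo of one pid per namespace (e.g. one pid per distinct /proc/*/ns/net).

# nfs41_mounts < mountinfo
# Prints "mountpoint source vers" for every nfs4 mount with vers >= 4.1.
nfs41_mounts() {
    awk '
    {
        sep = 0
        # mountinfo fields after the " - " separator: fstype, source, super opts
        for (i = 1; i <= NF; i++) if ($i == "-") { sep = i; break }
        if (!sep) next
        fstype = $(sep + 1); src = $(sep + 2); opts = $(sep + 3)
        if (fstype != "nfs4") next
        vers = ""
        n = split(opts, kv, ",")
        for (j = 1; j <= n; j++) if (kv[j] ~ /^vers=/) vers = substr(kv[j], 6)
        # vers is "4.0", "4.1" or "4.2"; numeric compare keeps plain 4.0 out
        if (vers != "" && vers + 0 >= 4.1) print $5, src, vers
    }'
}

# count_nfs41_mounts < mountinfo -> number of matching mounts
count_nfs41_mounts() {
    nfs41_mounts | wc -l | tr -d ' '
}

# Constructed sample in mountinfo format (not captured from a real host).
SAMPLE_MOUNTINFO='36 25 0:33 / /srv/v40 rw,relatime shared:20 - nfs4 filer:/export/a rw,vers=4.0,rsize=1048576,sec=sys
37 25 0:34 / /srv/v41 rw,relatime shared:21 - nfs4 filer:/export/b rw,vers=4.1,rsize=1048576,sec=sys
38 25 0:35 / /srv/v3 rw,relatime shared:22 - nfs filer:/export/c rw,vers=3,rsize=1048576,sec=sys
39 25 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw,data=ordered
40 25 0:36 / /srv/v42 rw,relatime shared:23 - nfs4 filer:/export/d rw,vers=4.2,rsize=1048576,sec=sys'

# Stand-alone run: list the NFS 4.1+ mounts in the sample.
printf '%s\n' "$SAMPLE_MOUNTINFO" | nfs41_mounts
```

Only mounts of fstype `nfs4` are considered because NFSv3 has no back channel; the version is taken from the superblock options after the `-` separator rather than from a fixed field, since mountinfo lines carry a variable number of optional fields before it.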
