|
Message-ID: <110923674.56846830.1545214087115.JavaMail.zimbra@redhat.com> Date: Wed, 19 Dec 2018 05:08:07 -0500 (EST) From: Vladis Dronov <vdronov@...hat.com> To: oss-security@...ts.openwall.com Subject: CVE-2018-16884: Linux kernel: nfs: use-after-free in svc_process_common() Heololo, A flaw was found in the Linux kernel in the NFS4 subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel id and cause a use-after-free. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. The CVE-2018-16884 id was assigned to this flaw and proposed to MITRE. We would like to suggest to use this id in public communications regarding this flaw. A proposed patchset and a discussion: https://patchwork.kernel.org/cover/10733767/ https://patchwork.kernel.org/patch/10733769/ References: https://bugzilla.redhat.com/show_bug.cgi?id=1660375 Best regards, Vladis Dronov | Red Hat, Inc. | Product Security Engineer
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.