Use-after-free error in Linux kernel

#VU16616 Use-after-free error in Linux kernel

Published: 2018-12-19 | Updated: 2018-12-19

Vulnerability identifier: #VU16616

Vulnerability risk: Low

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-16884

CWE-ID: CWE-416

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to bc_svc_process() use wrong back-channel id when NFS41+ shares mounted in different network namespaces at the same time. A remote attacker can use a malicious container to trigger use-after-free error and cause a system panic.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel:

External links
http://patchwork.kernel.org/cover/10733767/
http://patchwork.kernel.org/patch/10733769/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

Latest bulletins with this vulnerability

Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions update for kernel

Red Hat Enterprise Linux 8 update for kernel-rt

Red Hat update for kernel

Red Hat update for kernel-rt

OpenSUSE Linux update for the Linux Kernel

Amazon Linux AMI update for kernel

Multiple vulnerabilities in Linux Kernel