#VU16616 Use-after-free error in Linux kernel - CVE-2018-16884

Cybersecurity Help s.r.o.

Published: 2018-12-19 | Updated: 2018-12-19

Vulnerability identifier: #VU16616

Vulnerability risk: Low

CVSSv4.0: 7.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2018-16884

CWE-ID: CWE-416

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to bc_svc_process() use wrong back-channel id when NFS41+ shares mounted in different network namespaces at the same time. A remote attacker can use a malicious container to trigger use-after-free error and cause a system panic.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
https://patchwork.kernel.org/cover/10733767/
https://patchwork.kernel.org/patch/10733769/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

Latest bulletins with this vulnerability

Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions update for kernel

Red Hat Enterprise Linux 8 update for kernel-rt

Red Hat update for kernel

Red Hat update for kernel-rt

OpenSUSE Linux update for the Linux Kernel

Amazon Linux AMI update for kernel

Multiple vulnerabilities in Linux Kernel