CVE-2018-1049

MEDIUM

Description

In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to denial of service, until mount points are unmounted.

References

http://www.securitytracker.com/id/1041520

https://access.redhat.com/errata/RHSA-2018:0260

https://bugzilla.redhat.com/show_bug.cgi?id=1534701

https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html

https://usn.ubuntu.com/3558-1/

Details

Source: MITRE

Published: 2018-02-16

Updated: 2019-04-26

Type: CWE-362

Risk Information

CVSS v2.0

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3.0

Base Score: 5.9

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 2.2

Severity: MEDIUM