A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.
http://www.securityfocus.com/bid/106253
https://access.redhat.com/errata/RHSA-2019:1873
https://access.redhat.com/errata/RHSA-2019:1891
https://access.redhat.com/errata/RHSA-2019:2696
https://access.redhat.com/errata/RHSA-2019:2730
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16884
https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html
https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html
https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html
https://patchwork.kernel.org/cover/10733767/
https://patchwork.kernel.org/patch/10733769/
https://support.f5.com/csp/article/K21430012
https://usn.ubuntu.com/3932-1/
https://usn.ubuntu.com/3932-2/
https://usn.ubuntu.com/3980-1/
https://usn.ubuntu.com/3980-2/
Source: MITRE
Published: 2018-12-18
Updated: 2019-05-29
Type: CWE-416
Base Score: 6.7
Vector: AV:A/AC:L/Au:S/C:P/I:P/A:C
Impact Score: 8.5
Exploitability Score: 5.1
Severity: MEDIUM
Base Score: 8
Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 2.1
Severity: HIGH
OR
OR
OR
OR
ID | Name | Product | Family | Severity |
---|---|---|---|---|
145665 | CentOS 8 : kernel (CESA-2019:3517) | Nessus | CentOS Local Security Checks | high |
143086 | RHEL 7 : kernel-alt (RHSA-2020:2854) | Nessus | Red Hat Local Security Checks | high |
141374 | OracleVM 3.4 : Unbreakable / etc (OVMSA-2020-0044) | Nessus | OracleVM Local Security Checks | critical |
141207 | Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5866) | Nessus | Oracle Linux Local Security Checks | critical |
140499 | Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2020-5845) | Nessus | Oracle Linux Local Security Checks | high |
140496 | Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5841) | Nessus | Oracle Linux Local Security Checks | high |
134735 | EulerOS Virtualization 3.0.2.2 : kernel (EulerOS-SA-2020-1269) | Nessus | Huawei Local Security Checks | high |
133221 | RHEL 8 : kernel (RHSA-2020:0204) | Nessus | Red Hat Local Security Checks | critical |
132495 | NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0253) | Nessus | NewStart CGSL Local Security Checks | high |
132474 | NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel Multiple Vulnerabilities (NS-SA-2019-0247) | Nessus | NewStart CGSL Local Security Checks | high |
130547 | RHEL 8 : kernel (RHSA-2019:3517) | Nessus | Red Hat Local Security Checks | high |
130526 | RHEL 8 : kernel-rt (RHSA-2019:3309) | Nessus | Red Hat Local Security Checks | high |
129920 | NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0183) | Nessus | NewStart CGSL Local Security Checks | high |
129900 | NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0180) | Nessus | NewStart CGSL Local Security Checks | high |
128854 | RHEL 6 : MRG (RHSA-2019:2730) | Nessus | Red Hat Local Security Checks | high |
128662 | RHEL 7 : kernel (RHSA-2019:2696) | Nessus | Red Hat Local Security Checks | high |
127726 | Scientific Linux Security Update : kernel on SL7.x x86_64 (20190729) | Nessus | Scientific Linux Local Security Checks | medium |
127623 | RHEL 7 : kernel-rt (RHSA-2019:1891) | Nessus | Red Hat Local Security Checks | medium |
127618 | RHEL 7 : kernel (RHSA-2019:1873) | Nessus | Red Hat Local Security Checks | medium |
127603 | Oracle Linux 7 : kernel (ELSA-2019-1873) | Nessus | Oracle Linux Local Security Checks | medium |
127469 | CentOS 7 : kernel (CESA-2019:1873) | Nessus | CentOS Local Security Checks | medium |
125514 | EulerOS 2.0 SP3 : kernel (EulerOS-SA-2019-1587) | Nessus | Huawei Local Security Checks | high |
125513 | EulerOS 2.0 SP2 : kernel (EulerOS-SA-2019-1586) | Nessus | Huawei Local Security Checks | high |
125283 | SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1289-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) | Nessus | SuSE Local Security Checks | high |
125142 | Ubuntu 16.04 LTS : Linux kernel (HWE) vulnerabilities (USN-3981-2) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) | Nessus | Ubuntu Local Security Checks | high |
125141 | Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-3981-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) | Nessus | Ubuntu Local Security Checks | high |
125140 | Ubuntu 18.04 LTS : Linux kernel (HWE) vulnerabilities (USN-3980-2) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) | Nessus | Ubuntu Local Security Checks | high |
125139 | Ubuntu 18.10 : Linux kernel vulnerabilities (USN-3980-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) | Nessus | Ubuntu Local Security Checks | high |
124595 | Debian DLA-1771-1 : linux-4.9 security update | Nessus | Debian Local Security Checks | high |
124431 | EulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-1304) | Nessus | Huawei Local Security Checks | high |
123681 | Ubuntu 14.04 LTS : linux-lts-xenial, linux-aws vulnerabilities (USN-3932-2) | Nessus | Ubuntu Local Security Checks | high |
123680 | Ubuntu 16.04 LTS : linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities (USN-3932-1) | Nessus | Ubuntu Local Security Checks | high |
123420 | Debian DLA-1731-2 : linux regression update (Spectre) | Nessus | Debian Local Security Checks | high |
122609 | SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:0541-1) | Nessus | SuSE Local Security Checks | high |
122343 | SUSE SLES12 Security Update : kernel (SUSE-SU-2019:0439-1) | Nessus | SuSE Local Security Checks | high |
122181 | SUSE SLES12 Security Update : kernel (SUSE-SU-2019:0356-1) | Nessus | SuSE Local Security Checks | medium |
122113 | SUSE SLES12 Security Update : kernel (SUSE-SU-2019:0326-1) | Nessus | SuSE Local Security Checks | medium |
121633 | openSUSE Security Update : the Linux Kernel (openSUSE-2019-140) | Nessus | SuSE Local Security Checks | high |
121571 | SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:0224-1) | Nessus | SuSE Local Security Checks | high |
121569 | SUSE SLES12 Security Update : kernel (SUSE-SU-2019:0222-1) (Spectre) | Nessus | SuSE Local Security Checks | high |
121505 | Slackware 14.2 : Slackware 14.2 kernel (SSA:2019-030-01) | Nessus | Slackware Local Security Checks | high |
121466 | SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:0196-1) | Nessus | SuSE Local Security Checks | high |
121370 | Amazon Linux AMI : kernel (ALAS-2019-1149) | Nessus | Amazon Linux Local Security Checks | medium |
121362 | Amazon Linux 2 : kernel (ALAS-2019-1149) | Nessus | Amazon Linux Local Security Checks | medium |
121344 | SUSE SLES12 Security Update : kernel (SUSE-SU-2019:0148-1) (Spectre) | Nessus | SuSE Local Security Checks | high |
121289 | openSUSE Security Update : the Linux Kernel (openSUSE-2019-65) | Nessus | SuSE Local Security Checks | high |
121258 | Fedora 28 : kernel / kernel-headers / kernel-tools (2019-20a89ca9af) | Nessus | Fedora Local Security Checks | medium |
121104 | Virtuozzo 7 : readykernel-patch (VZA-2018-089) | Nessus | Virtuozzo Local Security Checks | medium |