CVE-2018-16884
HIGHCVSS 8/10EPSS 1.46%
Last modified
CVE-2018-16884 is a high-severity vulnerability rated 8/10 on the CVSS scale. A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. EPSS estimates a 1.46% chance of exploitation in the next 30 days.
Description
A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.
Metrics
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 3.7, < 3.16.65 |
| Linux | Linux Kernel | >= 3.17, < 3.18.133 |
| Linux | Linux Kernel | >= 3.19, < 4.4.171 |
| Linux | Linux Kernel | >= 4.5, < 4.9.151 |
| Linux | Linux Kernel | >= 4.10, < 4.14.94 |
| Linux | Linux Kernel | >= 4.15, < 4.19.16 |
| Linux | Linux Kernel | >= 4.20, < 4.20.3 |
| Redhat | Enterprise Linux | 7.0 |
| Redhat | Enterprise Mrg | 2.0 |
| Debian | Debian Linux | 8.0 |
| Canonical | Ubuntu Linux | 14.04 |
| Canonical | Ubuntu Linux | 16.04 |
References
- http://www.securityfocus.com/bid/106253Third Party Advisory, VDB Entry
- https://access.redhat.com/errata/RHSA-2019:1873Third Party Advisory
- https://access.redhat.com/errata/RHSA-2019:1891Third Party Advisory
- https://access.redhat.com/errata/RHSA-2019:2696Third Party Advisory
- https://access.redhat.com/errata/RHSA-2019:2730Third Party Advisory
- https://access.redhat.com/errata/RHSA-2019:3309Third Party Advisory
- https://access.redhat.com/errata/RHSA-2019:3517Third Party Advisory
- https://access.redhat.com/errata/RHSA-2020:0204Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16884Issue Tracking, Patch, Third Party Advisory
- https://lists.debian.org/debian-lts-announce/2019/03/msg00034.htmlMailing List, Third Party Advisory
- https://lists.debian.org/debian-lts-announce/2019/04/msg00004.htmlMailing List, Third Party Advisory
- https://lists.debian.org/debian-lts-announce/2019/05/msg00002.htmlMailing List, Third Party Advisory
- https://patchwork.kernel.org/cover/10733767/Patch, Vendor Advisory
- https://patchwork.kernel.org/patch/10733769/Patch, Vendor Advisory
- https://support.f5.com/csp/article/K21430012Third Party Advisory
- https://usn.ubuntu.com/3932-1/Third Party Advisory
- https://usn.ubuntu.com/3932-2/Third Party Advisory
- https://usn.ubuntu.com/3980-1/Third Party Advisory
- https://usn.ubuntu.com/3980-2/Third Party Advisory
- https://usn.ubuntu.com/3981-1/Third Party Advisory
- https://usn.ubuntu.com/3981-2/Third Party Advisory
- https://www.oracle.com/security-alerts/cpuApr2021.htmlThird Party Advisory
- http://www.securityfocus.com/bid/106253Third Party Advisory, VDB Entry
- https://access.redhat.com/errata/RHSA-2019:1873Third Party Advisory
- https://access.redhat.com/errata/RHSA-2019:1891Third Party Advisory
- https://access.redhat.com/errata/RHSA-2019:2696Third Party Advisory
- https://access.redhat.com/errata/RHSA-2019:2730Third Party Advisory
- https://access.redhat.com/errata/RHSA-2019:3309Third Party Advisory
- https://access.redhat.com/errata/RHSA-2019:3517Third Party Advisory
- https://access.redhat.com/errata/RHSA-2020:0204Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16884Issue Tracking, Patch, Third Party Advisory
- https://lists.debian.org/debian-lts-announce/2019/03/msg00034.htmlMailing List, Third Party Advisory
- https://lists.debian.org/debian-lts-announce/2019/04/msg00004.htmlMailing List, Third Party Advisory
- https://lists.debian.org/debian-lts-announce/2019/05/msg00002.htmlMailing List, Third Party Advisory
- https://patchwork.kernel.org/cover/10733767/Patch, Vendor Advisory
- https://patchwork.kernel.org/patch/10733769/Patch, Vendor Advisory
- https://support.f5.com/csp/article/K21430012Third Party Advisory
- https://usn.ubuntu.com/3932-1/Third Party Advisory
- https://usn.ubuntu.com/3932-2/Third Party Advisory
- https://usn.ubuntu.com/3980-1/Third Party Advisory
- https://usn.ubuntu.com/3980-2/Third Party Advisory
- https://usn.ubuntu.com/3981-1/Third Party Advisory
- https://usn.ubuntu.com/3981-2/Third Party Advisory
- https://www.oracle.com/security-alerts/cpuApr2021.htmlThird Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-16884?
A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.
How severe is CVE-2018-16884?
CVE-2018-16884 has a CVSS score of 8/10 (HIGH severity). The EPSS model estimates a 1.46% probability of exploitation in the next 30 days.
How do I fix CVE-2018-16884?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2018-16884?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST