Vulnerability CVE-2018-1049
Published: 2018-02-16

Description:
In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to denial of service, until mount points are unmounted.

Type:

CWE-362

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial
Affected software
Redhat -> Enterprise linux 
Redhat -> Enterprise linux desktop 
Redhat -> Enterprise linux server 
Redhat -> Enterprise linux workstation 
Redhat -> Enterprise linux aus 
Redhat -> Enterprise linux server aus 
Redhat -> Enterprise linux server eus 
Redhat -> Enterprise linux server tus 
Freedesktop -> Systemd 
Debian -> Debian linux 
Canonical -> Ubuntu linux 

 References:
http://www.securitytracker.com/id/1041520
https://access.redhat.com/errata/RHSA-2018:0260
https://bugzilla.redhat.com/show_bug.cgi?id=1534701
https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html
https://usn.ubuntu.com/3558-1/
Copyright 2024, cxsecurity.com

 

Back to Top