CVE-2018-16884
CVSS v3.1
8 (High)
CVSS v2.0
6.7 (Medium)
EPSS
0.06 % (28th)
Affected Products
5
Advisories
33
A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.
Weaknesses
- CWE-416
- Use After Free
- CVE Status
- PUBLISHED
- CNA
- Red Hat, Inc.
- Published Date
-
2018-12-18 22:29:04
(5 years ago) - Updated Date
-
2023-08-11 19:12:44
(13 months ago)
Affected Products
Loading...
Loading...
Configuration #1
|
Configuration #2
|
Configuration #3
|
Configuration #4
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...