Vulnerability DatabaseCVE-2018-16884
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2018-16884
December 18, 2018
A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.
Related Resources (25)
https://access.redhat.com/errata/RHSA-2019:2696
https://usn.ubuntu.com/3981-2/
https://www.oracle.com/security-alerts/cpuApr2021.html
https://access.redhat.com/security/cve/CVE-2018-16884
http://www.securityfocus.com/bid/106253
https://usn.ubuntu.com/3980-1/
https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16884
https://access.redhat.com/errata/RHSA-2019:2730
https://access.redhat.com/errata/RHSA-2019:3309
https://patchwork.kernel.org/patch/10733769/
https://usn.ubuntu.com/3932-1/
https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html
https://access.redhat.com/errata/RHSA-2020:0204
https://access.redhat.com/errata/RHSA-2019:1891
https://usn.ubuntu.com/3981-1/
https://security-tracker.debian.org/tracker/CVE-2018-16884
https://usn.ubuntu.com/3980-2/
https://support.f5.com/csp/article/K21430012
https://patchwork.kernel.org/cover/10733767/
https://access.redhat.com/errata/RHSA-2019:1873
https://usn.ubuntu.com/3932-2/
https://access.redhat.com/errata/RHSA-2019:3517
https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html
https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16884
Do you need more information?
Contact Us
CVSS v4
Base Score:
7
Attack Vector
ADJACENT
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
LOW
User Interaction
NONE
Vulnerable System Confidentiality
NONE
Vulnerable System Integrity
LOW
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
LOW
Subsequent System Availability
HIGH
CVSS v3
Base Score:
8
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH
CVSS v2
Base Score:
6.7
Access Vector
ADJACENT NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
COMPLETE
Weakness Type (CWE)
Use After Free
CWE-416
EPSS
Base Score:
0.05