CVE-2018-1049

MEDIUM

Systemd < 234 - Race Condition

Title source: rule

Description

In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to denial of service, until mount points are unmounted.

Exploits (1)

nomisec WORKING POC

by lukehebe · poc

https://github.com/lukehebe/CVE-2018-1049-POC

View Code ZIP pw:eip

References (5)

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1041520

[Mailing List, Third Party Advisory] https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2018:0260

[Issue Tracking, Patch, Third Party Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=1534701

[Third Party Advisory] https://usn.ubuntu.com/3558-1/

Scores

CVSS v3 5.9

EPSS 0.0051

EPSS Percentile 66.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-362

Status published

Products (17)

canonical/ubuntu_linux 14.04

canonical/ubuntu_linux 16.04

debian/debian_linux 8.0

redhat/enterprise_linux 7.0

redhat/enterprise_linux_aus 7.4

redhat/enterprise_linux_aus 7.6

redhat/enterprise_linux_desktop 7.0

redhat/enterprise_linux_server 7.0

redhat/enterprise_linux_server_aus 7.4

redhat/enterprise_linux_server_aus 7.6

... and 7 more

Published Feb 16, 2018

Tracked Since Feb 18, 2026