CVE-2018-16884
HIGHLinux Kernel 3.7-3.16.64 - Use-After-Free in NFS41+ Back-Channel ID Handling
Title source: llmDescription
A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.
References (22)
Core 22
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/106253
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/3932-1/
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/3932-2/
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/3981-1/
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/3980-1/
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/3980-2/
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/3981-2/
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:1873
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:1891
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:2696
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:2730
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:3309
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:3517
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2020:0204
Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpuApr2021.html
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16884
Patch, Vendor Advisory x_refsource_confirm
https://patchwork.kernel.org/patch/10733769/
Patch, Vendor Advisory x_refsource_confirm
https://patchwork.kernel.org/cover/10733767/
Third Party Advisory x_refsource_confirm
https://support.f5.com/csp/article/K21430012
Scores
CVSS v3
8.0
EPSS
0.0005
EPSS Percentile
15.2%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-416
Status
published
Products (6)
canonical/ubuntu_linux
14.04
canonical/ubuntu_linux
16.04
debian/debian_linux
8.0
linux/linux_kernel
3.7 - 3.16.65
redhat/enterprise_linux
7.0
redhat/enterprise_mrg
2.0
Published
Dec 18, 2018
Tracked Since
Feb 18, 2026