'[oss-security] CVE-2018-1049: systemd: automount: access to automounted volumes can lock up'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] CVE-2018-1049: systemd: automount: access to automounted volumes can lock up
From:       Vladis Dronov <vdronov () redhat ! com>
Date:       2018-01-19 16:40:09
Message-ID: 1505981632.2048745.1516380009804.JavaMail.zimbra () redhat ! com
[Download RAW message or body]

Heololo,

In systemd prior to v234 a race exists between .mount and .automount units such
that automount requests from kernel may not be serviced by systemd resulting in
kernel holding the mountpoint and any processes that try to use said mount will
hang. A race like this may lead to denial of service, until mount points are
unmounted. This race is easily reproducible.

References:

https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1709649

https://github.com/coreos/bugs/issues/1630

https://bugzilla.redhat.com/show_bug.cgi?id=1534701

An upstream issue:

https://github.com/systemd/systemd/pull/5916

An upstream patch:

https://github.com/systemd/systemd/commit/e7d54bf58789545a9eb0b3964233defa0b007318

Best regards,
Vladis Dronov | Red Hat, Inc. | Product Security Engineer
[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic