CVE-2018-1049 — MEDIUM (5.9)

Q: How severe is CVE-2018-1049?

CVE-2018-1049 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2018-1049?

Check the references section above for vendor advisories and patch information. Affected products include: Systemd Project Systemd, Redhat Enterprise Linux, Redhat Enterprise Linux Aus, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Server.

Vulnerability Description

In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to denial of service, until mount points are unmounted.

CVSS Score

5.9

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Systemd Project	Systemd	< 234
Redhat	Enterprise Linux	7.0
Redhat	Enterprise Linux Aus	7.4
Redhat	Enterprise Linux Desktop	7.0
Redhat	Enterprise Linux Server	7.0
Redhat	Enterprise Linux Server Aus	7.4
Redhat	Enterprise Linux Server Eus	7.4
Redhat	Enterprise Linux Server Tus	7.4
Redhat	Enterprise Linux Workstation	7.0
Canonical	Ubuntu Linux	14.04
Debian	Debian Linux	8.0

Related Weaknesses (CWE)

CWE-362

References

http://www.securitytracker.com/id/1041520Third Party AdvisoryVDB Entry
https://access.redhat.com/errata/RHSA-2018:0260Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1534701Issue TrackingPatchThird Party Advisory
https://lists.debian.org/debian-lts-announce/2018/11/msg00017.htmlMailing ListThird Party Advisory
https://usn.ubuntu.com/3558-1/Third Party Advisory
http://www.securitytracker.com/id/1041520Third Party AdvisoryVDB Entry
https://access.redhat.com/errata/RHSA-2018:0260Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1534701Issue TrackingPatchThird Party Advisory
https://lists.debian.org/debian-lts-announce/2018/11/msg00017.htmlMailing ListThird Party Advisory
https://usn.ubuntu.com/3558-1/Third Party Advisory

FAQ

What is CVE-2018-1049?

CVE-2018-1049 is a vulnerability with a CVSS score of 5.9 (MEDIUM). In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint a...

How severe is CVE-2018-1049?

CVE-2018-1049 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-1049?

Check the references section above for vendor advisories and patch information. Affected products include: Systemd Project Systemd, Redhat Enterprise Linux, Redhat Enterprise Linux Aus, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Server.