CVE-2018-1049

NameCVE-2018-1049
DescriptionIn systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to denial of service, until mount points are unmounted.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-1580-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
systemd (PTS)buster241-7~deb10u8fixed
buster (security)241-7~deb10u10fixed
bullseye247.3-7+deb11u4fixed
bookworm252.22-1~deb12u1fixed
sid, trixie255.4-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
systemdsourcejessie215-17+deb8u8DLA-1580-1
systemdsourcestretch232-25+deb9u10
systemdsource(unstable)234-1

Notes

[wheezy] - systemd <postponed> (Minor issue, can be fixed along in next DLA)
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1709649
https://github.com/systemd/systemd/pull/5916
https://github.com/systemd/systemd/commit/e7d54bf58789545a9eb0b3964233defa0b007318

Search for package or bug name: Reporting problems