CVE-2018-1049

Name: CVE-2018-1049
Description: In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to denial of service, until mount points are unmounted.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
References: DLA-1580-1
NVD severity: medium (attack range: remote)

Vulnerable and fixed packages

The table below lists information on source packages.

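| Source Package | Release | Version | Status |
|---|---|---|---|
| systemd (PTS) | jessie | 215-17+deb8u7 | vulnerable |
| systemd | jessie (security) | 215-17+deb8u13 | fixed |
| systemd | stretch (security), stretch | 232-25+deb9u11 | fixed |
| systemd | buster | 241-5 | fixed |
| systemd | sid, bullseye | 241-7 | fixed |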

The information below is based on the following data on fixed versions.

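| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| systemd | source | (unstable) | 234-1 | medium | | |
| systemd | source | jessie | 215-17+deb8u8 | medium | DLA-1580-1 | |
| systemd | source | stretch | 232-25+deb9u10 | medium | | |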

Notes

[wheezy] - systemd <postponed>  (Minor issue, can be fixed along in next DLA)
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1709649
https://github.com/systemd/systemd/pull/5916
https://github.com/systemd/systemd/commit/e7d54bf58789545a9eb0b3964233defa0b007318
