Name | CVE-2018-1049 |
Description | In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to denial of service, until mount points are unmounted. |
Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
References | DLA-1580-1, ELA-81-1 |
Vulnerable and fixed packages
The table below lists information on source packages.
Source Package | Release | Version | Status |
---|
systemd (PTS) | jessie, jessie (lts) | 215-17+deb8u15 | fixed |
| stretch (security) | 232-25+deb9u14 | fixed |
| stretch (lts), stretch | 232-25+deb9u17 | fixed |
| buster, buster (lts) | 241-7~deb10u11 | fixed |
| buster (security) | 241-7~deb10u10 | fixed |
| bullseye | 247.3-7+deb11u5 | fixed |
| bullseye (security) | 247.3-7+deb11u6 | fixed |
| bookworm | 252.30-1~deb12u2 | fixed |
| sid, trixie | 256.7-3 | fixed |
The information below is based on the following data on fixed versions.
Notes
[wheezy] - systemd <postponed> (Minor issue, can be fixed along in next DLA)
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1709649
https://github.com/systemd/systemd/pull/5916
https://github.com/systemd/systemd/commit/e7d54bf58789545a9eb0b3964233defa0b007318