CVE-2018-1049

NameCVE-2018-1049
DescriptionIn systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to denial of service, until mount points are unmounted.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-1580-1, ELA-81-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
systemd (PTS)jessie, jessie (lts)215-17+deb8u15fixed
stretch (security)232-25+deb9u14fixed
stretch (lts), stretch232-25+deb9u17fixed
buster, buster (lts)241-7~deb10u11fixed
buster (security)241-7~deb10u10fixed
bullseye247.3-7+deb11u5fixed
bullseye (security)247.3-7+deb11u6fixed
bookworm252.31-1~deb12u1fixed
trixie257-2fixed
sid257.1-4fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
systemdsourcewheezy44-11+deb7u6ELA-81-1
systemdsourcejessie215-17+deb8u8DLA-1580-1
systemdsourcestretch232-25+deb9u10
systemdsource(unstable)234-1

Notes

[wheezy] - systemd <postponed> (Minor issue, can be fixed along in next DLA)
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1709649
https://github.com/systemd/systemd/pull/5916
https://github.com/systemd/systemd/commit/e7d54bf58789545a9eb0b3964233defa0b007318

Search for package or bug name: Reporting problems