Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 647956 (CVE-2018-1049) - <sys-apps/systemd-236-r5: race condition between .mount and .automount units
Summary: <sys-apps/systemd-236-r5: race condition between .mount and .automount units
Status: RESOLVED FIXED
Alias: CVE-2018-1049
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on: 638972
Blocks:
  Show dependency tree
 
Reported: 2018-02-17 21:14 UTC by Demetris Nakos (sokan)
Modified: 2018-05-03 00:08 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Demetris Nakos (sokan) 2018-02-17 21:14:02 UTC
In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to denial of service, until mount points are unmounted.

Does this affect us?

-Gentoo Security Padawan-
Comment 1 Mike Gilbert gentoo-dev 2018-02-26 16:22:11 UTC
We were probably affected at some point.

systemd-236 is being stabilized in bug 638972, and that version should be unaffected.
Comment 2 Mart Raudsepp gentoo-dev 2018-05-01 11:20:28 UTC
Last security supported arch was done stabling over a month ago, something to proceed here?
Comment 3 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2018-05-03 00:08:10 UTC
GLSA Vote: No

Tree is clean.