{"id":"CVE-2018-16884","details":"A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.","modified":"2026-03-12T22:46:19.279998Z","published":"2018-12-18T22:29:04.713Z","related":["MGASA-2019-0097","MGASA-2019-0098","MGASA-2019-0171","SUSE-SU-2019:0148-1","SUSE-SU-2019:0150-1","SUSE-SU-2019:0196-1","SUSE-SU-2019:0222-1","SUSE-SU-2019:0224-1","SUSE-SU-2019:0236-1","SUSE-SU-2019:0298-1","SUSE-SU-2019:0320-1","SUSE-SU-2019:0326-1","SUSE-SU-2019:0356-1","SUSE-SU-2019:0439-1","SUSE-SU-2019:0541-1","SUSE-SU-2019:1289-1","openSUSE-SU-2019:0065-1"],"references":[{"type":"ADVISORY","url":"https://usn.ubuntu.com/3980-2/"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:1891"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:2696"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:2730"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"},{"type":"ADVISORY","url":"https://support.f5.com/csp/article/K21430012"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3981-1/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3981-2/"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:3517"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3932-2/"},{"type":"ADVISORY","url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:1873"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:3309"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3980-1/"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/106253"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2020:0204"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3932-1/"},{"type":"FIX","url":"https://patchwork.kernel.org/cover/10733767/"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16884"},{"type":"FIX","url":"https://patchwork.kernel.org/patch/10733769/"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-16884.json","unresolved_ranges":[{"events":[{"introduced":"3.7"},{"fixed":"3.16.65"}]},{"events":[{"introduced":"3.17"},{"fixed":"3.18.133"}]},{"events":[{"introduced":"3.19"},{"fixed":"4.4.171"}]},{"events":[{"introduced":"4.5"},{"fixed":"4.9.151"}]},{"events":[{"introduced":"4.10"},{"fixed":"4.14.94"}]},{"events":[{"introduced":"4.15"},{"fixed":"4.19.16"}]},{"events":[{"introduced":"4.20"},{"fixed":"4.20.3"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"2.0"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"14.04"}]},{"events":[{"introduced":"0"},{"last_affected":"16.04"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}