cpe:/a:redhat:enterprise_mrg:2.0 cpe:/o:canonical:ubuntu_linux:14.04::~~lts~~~ cpe:/o:canonical:ubuntu_linux:16.04::~~lts~~~ cpe:/o:debian:debian_linux:8.0 cpe:/o:linux:linux_kernel:- cpe:/o:redhat:enterprise_linux:7.0 CVE-2018-16884 2018-12-18T17:29:04.713-05:00 2019-05-28T20:29:00.253-04:00 6.7 ADJACENT_NETWORK LOW SINGLE_INSTANCE PARTIAL PARTIAL COMPLETE http://nvd.nist.gov BID 106253 REDHAT RHSA-2019:1873 REDHAT RHSA-2019:1891 REDHAT RHSA-2019:2696 REDHAT RHSA-2019:2730 UBUNTU USN-3932-1 UBUNTU USN-3932-2 UBUNTU USN-3980-1 UBUNTU USN-3980-2 UBUNTU USN-3981-1 UBUNTU USN-3981-2 MLIST [debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update MLIST [debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update MLIST [debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16884 CONFIRM https://patchwork.kernel.org/cover/10733767/ CONFIRM https://patchwork.kernel.org/patch/10733769/ CONFIRM https://support.f5.com/csp/article/K21430012 A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.