CVE-2018-1049
systemd - security update
5.9
MEDIUM
CVSS 3.1
EPSS 0.46%
Description
In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to denial of service, until mount points are unmounted.
How to fix CVE-2018-1049
To remediate CVE-2018-1049, upgrade the affected package to a fixed version below.
- —upgrade to 234-1 or later
- —upgrade to 215-17+deb8u8 or later
Is CVE-2018-1049 being exploited?
Low — EPSS is 0.5%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 234-1
- from 0, < 215-17+deb8u8
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.9 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |