CVE-2018-1049 — Race Condition in Project Systemd

CWE-362 — Race Condition16 documents9 sources

Severity

5.9MEDIUMNVD

EPSS

0.5%

top 33.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Systemd Project Systemd RED HAT INC Systemd Canonical Ubuntu Linux +9 more

Timeline

PublishedFeb 16

Latest updateJul 2

Description

In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to denial of service, until mount points are unmounted.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6

Affected Packages6 packages

▶NVDsystemd_project/systemd< 234

▶Debiansystemd_project/systemd< 234-1+3

▶CVEListV5red_hat_inc/systemdprior to 234

▶NVDredhat/enterprise_linux_server7.0

▶NVDredhat/enterprise_linux_desktop7.0

Also affects: Debian Linux 8.0, Ubuntu Linux 14.04, 16.04, Enterprise Linux 7.0, 7.4, 7.6, 7.5

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

OSV

pcs vulnerabilities↗2025-07-02

▶

GHSA

GHSA-4pg2-ppcx-jh29: In systemd prior to 234 a race condition exists between↗2022-05-13

▶

OSV

CVE-2018-1049: In systemd prior to 234 a race condition exists between↗2018-02-16

▶

CVEList

CVE-2018-1049: In systemd prior to 234 a race condition exists between↗2018-02-16

▶

OSV

systemd vulnerabilities↗2018-02-05

▶

💥Exploits & PoCs

Exploit-DB

Foxit Reader 9.0.1.1049 - Arbitrary Code Execution↗2020-11-27

▶

Exploit-DB

Foxit PDF Reader 9.0.1.1049 - Pointer Overwrite Use-After-Free (Metasploit)↗2018-08-27

▶

Exploit-DB

Foxit Reader 9.0.1.1049 - Remote Code Execution↗2018-06-25

▶

Exploit-DB

WordPress Plugin Relevanssi 4.0.4 - Reflected Cross-Site Scripting↗2018-03-30

▶

📋Vendor Advisories

Ubuntu

systemd vulnerabilities↗2018-02-05

▶

Debian

CVE-2018-1049: systemd - In systemd prior to 234 a race condition exists between .mount and .automount un...↗2018

▶

Red Hat

systemd: automount: access to automounted volumes can lock up↗2017-05-09

▶

💬Community

Bugzilla

CVE-2018-18016 ImageMagick: memory leak in WritePCXImage in coders/pcx.c↗2018-10-05

▶

Bugzilla

CVE-2018-1049 systemd: automount: access to automounted volumes can lock up [fedora-all]↗2018-01-16

▶

Bugzilla

CVE-2018-1049 systemd: automount: access to automounted volumes can lock up↗2018-01-15

▶