CVE-2018-16884

A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.

Published: Dec 18, 2018
Updated: Nov 9, 2025
CVE: CVE-2018-16884
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8
AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.7
AV:A/AC:L/Au:S/C:P/I:P/A:C

CWEs:

CWE-416

Affected Software
References

Software	From	Fixed in
redhat / enterprise_linux	7.0	7.0.x
redhat / enterprise_mrg	2.0	2.0.x
debian / debian_linux	8.0	8.0.x
canonical / ubuntu_linux	16.04	16.04.x
canonical / ubuntu_linux	14.04	14.04.x
linux / linux_kernel	3.7	3.16.65
linux / linux_kernel	4.5	4.9.151
linux / linux_kernel	4.10	4.14.94
linux / linux_kernel	4.15	4.19.16
linux / linux_kernel	4.20	4.20.3
linux / linux_kernel	3.19	4.4.171
linux / linux_kernel	3.17	3.18.133

Vulnerability Database

300,445

CVE-2018-16884

Deep Security Visibility Without the Complexity