CVE-2017-7533
Linux Kernel < 3.16.39 (Debian 8 x64) - 'inotfiy' Local Privilege Escalation
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions.
Una condición de carrera en la implementación de fsnotify en el kernel de Linux hasta la versión 4.12.4, permite a los usuarios locales alcanzar privilegios o causar una denegación de servicio (corrupción de memoria) por medio de una aplicación creada que aprovecha la ejecución simultánea de las funciones inotify_handle_event y vfs_rename.
A race condition was found in the Linux kernel, present since v3.14-rc1 through v4.12. The race happens between threads of inotify_handle_event() and vfs_rename() while running the rename operation against the same file. As a result of the race the next slab data or the slab's free list pointer can be corrupted with attacker-controlled data, which may lead to the privilege escalation.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-04-05 CVE Reserved
- 2017-08-04 CVE Published
- 2017-10-16 First Exploit
- 2024-08-05 CVE Updated
- 2024-11-05 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
- CWE-642: External Control of Critical State Data
CAPEC
References (22)
URL | Tag | Source |
---|---|---|
http://www.openwall.com/lists/oss-security/2019/06/27/7 | Mailing List | |
http://www.openwall.com/lists/oss-security/2019/06/28/1 | Mailing List | |
http://www.openwall.com/lists/oss-security/2019/06/28/2 | Mailing List | |
http://www.securityfocus.com/bid/100123 | Third Party Advisory | |
http://www.securitytracker.com/id/1039075 | Third Party Advisory | |
https://source.android.com/security/bulletin/2017-12-01 | Third Party Advisory | |
https://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg1408967.html | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/44302 | 2017-10-16 |
URL | Date | SRC |
---|---|---|
http://www.debian.org/security/2017/dsa-3927 | 2023-06-21 | |
http://www.debian.org/security/2017/dsa-3945 | 2023-06-21 | |
https://access.redhat.com/errata/RHSA-2017:2473 | 2023-06-21 | |
https://access.redhat.com/errata/RHSA-2017:2585 | 2023-06-21 | |
https://access.redhat.com/errata/RHSA-2017:2669 | 2023-06-21 | |
https://access.redhat.com/errata/RHSA-2017:2770 | 2023-06-21 | |
https://access.redhat.com/errata/RHSA-2017:2869 | 2023-06-21 | |
https://access.redhat.com/security/cve/CVE-2017-7533 | 2017-10-10 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.14 < 3.16.47 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.14 < 3.16.47" | - |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.17 < 3.18.64 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.17 < 3.18.64" | - |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.19 < 4.4.80 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.19 < 4.4.80" | - |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.5 < 4.9.41 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.5 < 4.9.41" | - |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.10 < 4.12.5 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.10 < 4.12.5" | - |
Affected
|