high
7
CWE
362
Advisory Published
CVE Published
Updated

CVE-2017-7533: Race Condition

First published: Thu Jul 06 2017(Updated: )

A race condition was found in Linux kernel present since v3.14-rc1 upto v4.12 including. The race happens between threads of inotify_handle_event() and vfs_rename() while running the rename operation against the same file. As a result of the race the the next slab data or the slab's free list pointer can be corrupted with attacker-controlled data, which may lead to the privilege escalation. The researchers of this flaw are Leilei Lin from Alibaba Group and Fan Wu and Shixiong Zhao from a research group supervised by Dr. Heming Cui of the Department of Computer Science, The University of Hong Kong. Thanks to Rui Gu and Prof.Junfeng Yang from Columbia University for tools and suggestions. References: <a href="http://seclists.org/oss-sec/2017/q3/240">http://seclists.org/oss-sec/2017/q3/240</a> <a href="https://access.redhat.com/security/vulnerabilities/3112931">https://access.redhat.com/security/vulnerabilities/3112931</a> <a href="https://patchwork.kernel.org/patch/9755753/">https://patchwork.kernel.org/patch/9755753/</a> <a href="https://patchwork.kernel.org/patch/9755757/">https://patchwork.kernel.org/patch/9755757/</a> <a href="https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1408967.html">https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1408967.html</a> <a href="https://bugzilla.kernel.org/show_bug.cgi?id=196279">https://bugzilla.kernel.org/show_bug.cgi?id=196279</a> (restricted access) Upstream patch: 49d31c2f389a <a href="https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=49d31c2f389acfe83417083e1208422b4091cd9">https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=49d31c2f389acfe83417083e1208422b4091cd9</a>

Credit: secalert@redhat.com secalert@redhat.com

Affected SoftwareAffected VersionHow to fix
Linux Linux kernel>=3.14<3.16.47
Linux Linux kernel>=3.17<3.18.64
Linux Linux kernel>=3.19<4.4.80
Linux Linux kernel>=4.5<4.9.41
Linux Linux kernel>=4.10<4.12.5
Google Android
debian/linux
5.10.223-1
5.10.226-1
6.1.115-1
6.1.119-1
6.11.10-1
6.12.5-1

Remedy

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=49d31c2f389acfe83417083e1208422b4091cd9e

Remedy

http://openwall.com/lists/oss-security/2017/08/03/2

Remedy

https://bugzilla.redhat.com/show_bug.cgi?id=1468283

Remedy

https://github.com/torvalds/linux/commit/49d31c2f389acfe83417083e1208422b4091cd9e

Remedy

https://patchwork.kernel.org/patch/9755753/

Remedy

https://patchwork.kernel.org/patch/9755757/

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is CVE-2017-7533?

    CVE-2017-7533 is a vulnerability in the Linux kernel that allows local users to gain privileges or cause a denial of service through a crafted application.

  • How does CVE-2017-7533 work?

    CVE-2017-7533 is caused by a race condition in the fsnotify implementation of the Linux kernel, which can be exploited by executing the inotify_handle_event and vfs_rename functions simultaneously.

  • What is the severity of CVE-2017-7533?

    CVE-2017-7533 has a severity rating of high (7 out of 10).

  • Which software versions are affected by CVE-2017-7533?

    CVE-2017-7533 affects various versions of the Linux kernel, including Ubuntu, Debian, and Google Android.

  • How can CVE-2017-7533 be fixed?

    To fix CVE-2017-7533, it is recommended to update the affected software packages to the specified remedy versions or higher.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203