CVE-2017-7533
published 2017-08-05
CVE-2017-7533: Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory…
Priority: P3 · 37 · high · 7 (CVSS 3.1)
AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
ITW · EXPLOIT
Exploited in the wild
EPSS: 1.22% (65.0th percentile)
Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | linux | < linux 4.12.6-1 (bookworm) | linux 4.12.6-1 (bookworm) |
| android | — | — | |
| linux | linux_kernel | >= 0 < 4.12.6-1 | 4.12.6-1 |
| linux | linux_kernel | >= 0 < 4.12.6-1 | 4.12.6-1 |
| linux | linux_kernel | >= 0 < 4.12.6-1 | 4.12.6-1 |
| linux | linux_kernel | >= 0 < 4.12.6-1 | 4.12.6-1 |
| linux | linux_kernel | >= 0 < 4.4.0-92.115 | 4.4.0-92.115 |
| linux | linux_kernel | >= 0 < 4.4.0-89.112 | 4.4.0-89.112 |
| linux | linux_kernel | >= 3.14 < 3.16.47 | 3.16.47 |
| linux | linux_kernel | >= 3.17 < 3.18.64 | 3.18.64 |
| linux | linux_kernel | >= 3.19 < 4.4.80 | 4.4.80 |
| linux | linux_kernel | >= 4.10 < 4.12.5 | 4.12.5 |
| linux | linux_kernel | >= 4.5 < 4.9.41 | 4.9.41 |
CVSS provenance
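| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.0 | HIGH | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.9 | MEDIUM | AV:L/AC:M/Au:N/C:C/I:C/A:C |
| osv | | 7.8 | HIGH | |
| vendor_ubuntu | | 7.8 | HIGH | |
| vendor_debian | | 7.0 | HIGH | |
| vendor_redhat | | 7.0 | HIGH | |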
Android
CVE-2017-7533: File handling
vendor_android·2017-12-01·CVSS 7.0
CVE-2017-7533 [HIGH] CVE-2017-7533: File handling
Android Security Bulletin 2017-12-01
CVE: CVE-2017-7533
Severity: HIGH
Type: EoP
Component: File handling
References: A-63689921
Upstream kernel
Ubuntu
Linux kernel (Xenial HWE) regression
vendor_ubuntu·2017-08-16·CVSS 7.8
[HIGH] Linux kernel (Xenial HWE) regression
Title: Linux kernel (Xenial HWE) regression
Summary: USN-3378-2 introduced a regression in the Linux Hardware Enablement
kernel.
USN-3392-1 fixed a regression in the Linux kernel for Ubuntu 16.04 LTS.
This update provides the corresponding updates for the Linux Hardware
Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS.
USN-3378-2 fixed vulnerabilities in the Linux Hardware Enablement
kernel. Unfortunately, a regression was introduced that prevented
conntrack from working correctly in some situations. This update
fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Fan Wu and Shixiong Zhao discovered a race condition between inotify events
and vfs rename operations in the Linux kernel. An unprivileged local
attacker could use this to cause a
Ubuntu
Linux kernel regression
vendor_ubuntu·2017-08-16·CVSS 7.8
[HIGH] Linux kernel regression
Title: Linux kernel regression
Summary: USN-3378-1 introduced a regression in the Linux kernel.
USN-3378-1 fixed vulnerabilities in the Linux kernel. Unfortunately, a
regression was introduced that prevented conntrack from working
correctly in some situations. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Fan Wu and Shixiong Zhao discovered a race condition between inotify events
and vfs rename operations in the Linux kernel. An unprivileged local
attacker could use this to cause a denial of service (system crash) or
execute arbitrary code. (CVE-2017-7533)
It was discovered that the Linux kernel did not properly restrict
RLIMIT_STACK size. A local attacker could use this in conjunction with
another vulnerability to possibly execute arbi
Ubuntu
Linux kernel (HWE) vulnerabilities
vendor_ubuntu·2017-08-03·CVSS 7.8
CVE-2017-1000365 [HIGH] Linux kernel (HWE) vulnerabilities
Title: Linux kernel (HWE) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
USN-3377-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04.
This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 17.04 for Ubuntu
16.04 LTS.
Fan Wu and Shixiong Zhao discovered a race condition between inotify events
and vfs rename operations in the Linux kernel. An unprivileged local
attacker could use this to cause a denial of service (system crash) or
execute arbitrary code. (CVE-2017-7533)
It was discovered that the Linux kernel did not properly restrict
RLIMIT_STACK size. A local attacker could use this in conjunction with
another vulnerability to possibly execute arbitrary code.
(CVE-2017-1000365)
李强 discovered
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2017-08-03·CVSS 7.8
CVE-2017-1000365 [HIGH] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Fan Wu and Shixiong Zhao discovered a race condition between inotify events
and vfs rename operations in the Linux kernel. An unprivileged local
attacker could use this to cause a denial of service (system crash) or
execute arbitrary code. (CVE-2017-7533)
It was discovered that the Linux kernel did not properly restrict
RLIMIT_STACK size. A local attacker could use this in conjunction with
another vulnerability to possibly execute arbitrary code.
(CVE-2017-1000365)
李强 discovered that the Virtio GPU driver in the Linux kernel did not
properly free memory in some situations. A local attacker could use this to
cause a denial of service (memory consumption). (CVE-2017-10810)
石磊 discovered
Ubuntu
Linux kernel (Xenial HWE) vulnerabilities
vendor_ubuntu·2017-08-03·CVSS 7.8
CVE-2017-1000365 [HIGH] Linux kernel (Xenial HWE) vulnerabilities
Title: Linux kernel (Xenial HWE) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
USN-3378-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu
14.04 LTS.
Fan Wu and Shixiong Zhao discovered a race condition between inotify events
and vfs rename operations in the Linux kernel. An unprivileged local
attacker could use this to cause a denial of service (system crash) or
execute arbitrary code. (CVE-2017-7533)
It was discovered that the Linux kernel did not properly restrict
RLIMIT_STACK size. A local attacker could use this in conjunction with
another vulnerability to possibly execute arbitrary code.
(CVE-2017-1000365)
Red Hat
kernel: a race between inotify_handle_event() and sys_rename()
vendor_redhat·2017-08-03·CVSS 7.0
CVE-2017-7533 [HIGH] CWE-362 kernel: a race between inotify_handle_event() and sys_rename()
kernel: a race between inotify_handle_event() and sys_rename()
Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions.
A race condition was found in the Linux kernel, present since v3.14-rc1 through v4.12. The race happens between threads of inotify_handle_event() and vfs_rename() while running the rename operation against the same file. As a result of the race the next slab data or the slab's free list pointer can be corrupted with attacker-controlled data, which may lead to the privilege escalation.
Statement: This issue does not affect the versions of the Li
Debian
CVE-2017-7533: linux - Race condition in the fsnotify implementation in the Linux kernel through 4.12.4...
vendor_debian·2017·CVSS 7.0
CVE-2017-7533 [HIGH] CVE-2017-7533: linux - Race condition in the fsnotify implementation in the Linux kernel through 4.12.4...
Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions.
Scope: local
bookworm: resolved (fixed in 4.12.6-1)
bullseye: resolved (fixed in 4.12.6-1)
forky: resolved (fixed in 4.12.6-1)
sid: resolved (fixed in 4.12.6-1)
trixie: resolved (fixed in 4.12.6-1)
GHSA
GHSA-679h-84ch-2wh9: Race condition in the fsnotify implementation in the Linux kernel through 4
ghsa_unreviewed·2022-05-14
CVE-2017-7533 [HIGH] CWE-362 GHSA-679h-84ch-2wh9: Race condition in the fsnotify implementation in the Linux kernel through 4
Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions.
OSV
linux, linux-aws, linux-gke, linux-raspi2, linux-snapdragon regression
osv·2017-08-16·CVSS 7.8
[HIGH] linux, linux-aws, linux-gke, linux-raspi2, linux-snapdragon regression
linux, linux-aws, linux-gke, linux-raspi2, linux-snapdragon regression
USN-3378-1 fixed vulnerabilities in the Linux kernel. Unfortunately, a
regression was introduced that prevented conntrack from working
correctly in some situations. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Fan Wu and Shixiong Zhao discovered a race condition between inotify events
and vfs rename operations in the Linux kernel. An unprivileged local
attacker could use this to cause a denial of service (system crash) or
execute arbitrary code. (CVE-2017-7533)
It was discovered that the Linux kernel did not properly restrict
RLIMIT_STACK size. A local attacker could use this in conjunction with
another vulnerability to possibly execute arbitrary code.
(CVE-2017-1000
OSV
linux-lts-xenial regression
osv·2017-08-16·CVSS 7.8
[HIGH] linux-lts-xenial regression
linux-lts-xenial regression
USN-3392-1 fixed a regression in the Linux kernel for Ubuntu 16.04 LTS.
This update provides the corresponding updates for the Linux Hardware
Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS.
USN-3378-2 fixed vulnerabilities in the Linux Hardware Enablement
kernel. Unfortunately, a regression was introduced that prevented
conntrack from working correctly in some situations. This update
fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Fan Wu and Shixiong Zhao discovered a race condition between inotify events
and vfs rename operations in the Linux kernel. An unprivileged local
attacker could use this to cause a denial of service (system crash) or
execute arbitrary code. (CVE-2017-7533)
It was discovered tha
OSV
CVE-2017-7533: Race condition in the fsnotify implementation in the Linux kernel through 4
osv·2017-08-05·CVSS 7.0
CVE-2017-7533 [HIGH] CVE-2017-7533: Race condition in the fsnotify implementation in the Linux kernel through 4
Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions.
OSV
linux-hwe vulnerabilities
osv·2017-08-03·CVSS 7.8
CVE-2017-7533 [HIGH] linux-hwe vulnerabilities
linux-hwe vulnerabilities
USN-3377-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04.
This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 17.04 for Ubuntu
16.04 LTS.
Fan Wu and Shixiong Zhao discovered a race condition between inotify events
and vfs rename operations in the Linux kernel. An unprivileged local
attacker could use this to cause a denial of service (system crash) or
execute arbitrary code. (CVE-2017-7533)
It was discovered that the Linux kernel did not properly restrict
RLIMIT_STACK size. A local attacker could use this in conjunction with
another vulnerability to possibly execute arbitrary code.
(CVE-2017-1000365)
李强 discovered that the Virtio GPU driver in the Linux kernel did not
properly free memory in so
OSV
linux, linux-aws, linux-gke, linux-raspi2, linux-snapdragon vulnerabilities
osv·2017-08-03·CVSS 7.8
CVE-2017-7533 [HIGH] linux, linux-aws, linux-gke, linux-raspi2, linux-snapdragon vulnerabilities
linux, linux-aws, linux-gke, linux-raspi2, linux-snapdragon vulnerabilities
Fan Wu and Shixiong Zhao discovered a race condition between inotify events
and vfs rename operations in the Linux kernel. An unprivileged local
attacker could use this to cause a denial of service (system crash) or
execute arbitrary code. (CVE-2017-7533)
It was discovered that the Linux kernel did not properly restrict
RLIMIT_STACK size. A local attacker could use this in conjunction with
another vulnerability to possibly execute arbitrary code.
(CVE-2017-1000365)
李强 discovered that the Virtio GPU driver in the Linux kernel did not
properly free memory in some situations. A local attacker could use this to
cause a denial of service (memory consumption). (CVE-2017-10810)
石磊 discovered that the RxRPC Kerberos 5
OSV
linux-lts-xenial vulnerabilities
osv·2017-08-03·CVSS 7.8
[HIGH] linux-lts-xenial vulnerabilities
linux-lts-xenial vulnerabilities
USN-3378-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu
14.04 LTS.
Fan Wu and Shixiong Zhao discovered a race condition between inotify events
and vfs rename operations in the Linux kernel. An unprivileged local
attacker could use this to cause a denial of service (system crash) or
execute arbitrary code. (CVE-2017-7533)
It was discovered that the Linux kernel did not properly restrict
RLIMIT_STACK size. A local attacker could use this in conjunction with
another vulnerability to possibly execute arbitrary code.
(CVE-2017-1000365)
李强 discovered that the Virtio GPU driver in the Linux kernel did not
properly fr
No detection rules found.
Bugzilla
CVE-2017-7533 kernel: a race between inotify_handle_event() and sys_rename() [fedora-all]
bugzilla·2017-08-03·CVSS 7.0
CVE-2017-7533 [HIGH] CVE-2017-7533 kernel: a race between inotify_handle_event() and sys_rename() [fedora-all]
CVE-2017-7533 kernel: a race between inotify_handle_event() and sys_rename() [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple suppor
Bugzilla
CVE-2017-7533 kernel: a race between inotify_handle_event() and sys_rename()
bugzilla·2017-07-06·CVSS 7.0
CVE-2017-7533 [HIGH] CVE-2017-7533 kernel: a race between inotify_handle_event() and sys_rename()
CVE-2017-7533 kernel: a race between inotify_handle_event() and sys_rename()
A race condition was found in the Linux kernel, present since v3.14-rc1 up to and including v4.12. The race happens between threads of inotify_handle_event() and vfs_rename() while running the rename operation against the same file. As a result of the race the next slab data or the slab's free list pointer can be corrupted with attacker-controlled data, which may lead to the privilege escalation.
The researchers of this flaw are Leilei Lin from Alibaba Group and Fan Wu and Shixiong Zhao from a research group supervised by Dr. Heming Cui of the Department of Computer Science, The University of Hong Kong. Thanks to Rui Gu and Prof. Junfeng Yang from Columbia University for tools and suggestions.
References:
http://secl
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=49d31c2f389acfe83417083e1208422b4091cd9e
http://openwall.com/lists/oss-security/2017/08/03/2
http://www.debian.org/security/2017/dsa-3927
http://www.debian.org/security/2017/dsa-3945
http://www.openwall.com/lists/oss-security/2019/06/27/7
http://www.openwall.com/lists/oss-security/2019/06/28/1
http://www.openwall.com/lists/oss-security/2019/06/28/2
http://www.securityfocus.com/bid/100123
http://www.securitytracker.com/id/1039075
https://access.redhat.com/errata/RHSA-2017:2473
https://access.redhat.com/errata/RHSA-2017:2585
https://access.redhat.com/errata/RHSA-2017:2669
https://access.redhat.com/errata/RHSA-2017:2770
https://access.redhat.com/errata/RHSA-2017:2869
https://bugzilla.redhat.com/show_bug.cgi?id=1468283
https://github.com/torvalds/linux/commit/49d31c2f389acfe83417083e1208422b4091cd9e
https://patchwork.kernel.org/patch/9755753/
https://patchwork.kernel.org/patch/9755757/
https://source.android.com/security/bulletin/2017-12-01
https://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg1408967.html
Published: 2017-08-05
Exploited in the wild