cbcvebase.
CVE-2017-7533
published 2017-08-05

Priority: P3 37 high
CVSS 3.1: 7
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
ITW, EXPLOIT: Exploited in the wild
EPSS: 1.22% (65.0th percentile)

Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions.

Affected

13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | linux | < linux 4.12.6-1 (bookworm) | linux 4.12.6-1 (bookworm) |
| google | android | | |
| linux | linux_kernel | >= 0 < 4.12.6-1 | 4.12.6-1 |
| linux | linux_kernel | >= 0 < 4.12.6-1 | 4.12.6-1 |
| linux | linux_kernel | >= 0 < 4.12.6-1 | 4.12.6-1 |
| linux | linux_kernel | >= 0 < 4.12.6-1 | 4.12.6-1 |
| linux | linux_kernel | >= 0 < 4.4.0-92.115 | 4.4.0-92.115 |
| linux | linux_kernel | >= 0 < 4.4.0-89.112 | 4.4.0-89.112 |
| linux | linux_kernel | >= 3.14 < 3.16.47 | 3.16.47 |
| linux | linux_kernel | >= 3.17 < 3.18.64 | 3.18.64 |
| linux | linux_kernel | >= 3.19 < 4.4.80 | 4.4.80 |
| linux | linux_kernel | >= 4.10 < 4.12.5 | 4.12.5 |
| linux | linux_kernel | >= 4.5 < 4.9.41 | 4.9.41 |

CVSS provenance

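| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.0 | HIGH | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.9 | MEDIUM | AV:L/AC:M/Au:N/C:C/I:C/A:C |
| osv | | 7.8 | HIGH | |
| vendor_ubuntu | | 7.8 | HIGH | |
| vendor_debian | | 7.0 | HIGH | |
| vendor_redhat | | 7.0 | HIGH | |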