← Zuruck zu CVEs
CVE-2017-7533
HIGH7.0
Beschreibung
Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions.
CVE Details
CVSS v3.1 Bewertung7.0
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorLOCAL
KomplexitatHIGH
Erforderliche PrivilegienLOW
BenutzerinteraktionNONE
Veroffentlicht8/5/2017
Zuletzt geandert4/20/2025
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
linux:linux_kernel
Schwachen (CWE)
CWE-362
Referenzen
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=49d31c2f389acfe83417083e1208422b4091cd9e(secalert@redhat.com)
http://openwall.com/lists/oss-security/2017/08/03/2(secalert@redhat.com)
http://www.debian.org/security/2017/dsa-3927(secalert@redhat.com)
http://www.debian.org/security/2017/dsa-3945(secalert@redhat.com)
http://www.openwall.com/lists/oss-security/2019/06/27/7(secalert@redhat.com)
http://www.openwall.com/lists/oss-security/2019/06/28/1(secalert@redhat.com)
http://www.openwall.com/lists/oss-security/2019/06/28/2(secalert@redhat.com)
http://www.securityfocus.com/bid/100123(secalert@redhat.com)
http://www.securitytracker.com/id/1039075(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2017:2473(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2017:2585(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2017:2669(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2017:2770(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2017:2869(secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=1468283(secalert@redhat.com)
https://github.com/torvalds/linux/commit/49d31c2f389acfe83417083e1208422b4091cd9e(secalert@redhat.com)
https://patchwork.kernel.org/patch/9755753/(secalert@redhat.com)
https://patchwork.kernel.org/patch/9755757/(secalert@redhat.com)
https://source.android.com/security/bulletin/2017-12-01(secalert@redhat.com)
https://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg1408967.html(secalert@redhat.com)
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=49d31c2f389acfe83417083e1208422b4091cd9e(af854a3a-2127-422b-91ae-364da2661108)
http://openwall.com/lists/oss-security/2017/08/03/2(af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2017/dsa-3927(af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2017/dsa-3945(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2019/06/27/7(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2019/06/28/1(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2019/06/28/2(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/100123(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1039075(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2017:2473(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2017:2585(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2017:2669(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2017:2770(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2017:2869(af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=1468283(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/torvalds/linux/commit/49d31c2f389acfe83417083e1208422b4091cd9e(af854a3a-2127-422b-91ae-364da2661108)
https://patchwork.kernel.org/patch/9755753/(af854a3a-2127-422b-91ae-364da2661108)
https://patchwork.kernel.org/patch/9755757/(af854a3a-2127-422b-91ae-364da2661108)
https://source.android.com/security/bulletin/2017-12-01(af854a3a-2127-422b-91ae-364da2661108)
https://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg1408967.html(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.