ID CVE-2017-7533
Summary Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions.
References
Vulnerable Configurations
  • cpe:2.3:o:linux:linux_kernel:4.12.4
    cpe:2.3:o:linux:linux_kernel:4.12.4
CVSS
Base: 6.9
Impact:
Exploitability:
CWE CWE-362
CAPEC
  • Leveraging Race Conditions
    This attack targets a race condition occurring when multiple processes access and manipulate the same resource concurrently and the outcome of the execution depends on the particular order in which the access takes place. The attacker can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance a race condition can occur while accessing a file, the attacker can trick the system by replacing the original file with his version and cause the system to read the malicious file.
  • Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
    This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. The typical example is the file access. The attacker can leverage a file access race condition by "running the race", meaning that he would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the attacker could do something such as replace the file and cause an escalation of privilege.
redhat via4
advisories
  • bugzilla
    id 1468283
    title CVE-2017-7533 kernel: a race between inotify_handle_event() and sys_rename()
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhsa:tst:20140675001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhsa:tst:20140675002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20140675003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20140675004
    • OR
      • AND
        • comment kernel is earlier than 0:3.10.0-693.1.1.el7
          oval oval:com.redhat.rhsa:tst:20172473013
        • comment kernel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842006
      • AND
        • comment kernel-abi-whitelists is earlier than 0:3.10.0-693.1.1.el7
          oval oval:com.redhat.rhsa:tst:20172473007
        • comment kernel-abi-whitelists is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20131645028
      • AND
        • comment kernel-bootwrapper is earlier than 0:3.10.0-693.1.1.el7
          oval oval:com.redhat.rhsa:tst:20172473031
        • comment kernel-bootwrapper is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842010
      • AND
        • comment kernel-debug is earlier than 0:3.10.0-693.1.1.el7
          oval oval:com.redhat.rhsa:tst:20172473011
        • comment kernel-debug is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842012
      • AND
        • comment kernel-debug-devel is earlier than 0:3.10.0-693.1.1.el7
          oval oval:com.redhat.rhsa:tst:20172473021
        • comment kernel-debug-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842014
      • AND
        • comment kernel-devel is earlier than 0:3.10.0-693.1.1.el7
          oval oval:com.redhat.rhsa:tst:20172473025
        • comment kernel-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842016
      • AND
        • comment kernel-doc is earlier than 0:3.10.0-693.1.1.el7
          oval oval:com.redhat.rhsa:tst:20172473005
        • comment kernel-doc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842024
      • AND
        • comment kernel-headers is earlier than 0:3.10.0-693.1.1.el7
          oval oval:com.redhat.rhsa:tst:20172473017
        • comment kernel-headers is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842008
      • AND
        • comment kernel-kdump is earlier than 0:3.10.0-693.1.1.el7
          oval oval:com.redhat.rhsa:tst:20172473023
        • comment kernel-kdump is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842018
      • AND
        • comment kernel-kdump-devel is earlier than 0:3.10.0-693.1.1.el7
          oval oval:com.redhat.rhsa:tst:20172473015
        • comment kernel-kdump-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842020
      • AND
        • comment kernel-tools is earlier than 0:3.10.0-693.1.1.el7
          oval oval:com.redhat.rhsa:tst:20172473027
        • comment kernel-tools is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140678010
      • AND
        • comment kernel-tools-libs is earlier than 0:3.10.0-693.1.1.el7
          oval oval:com.redhat.rhsa:tst:20172473033
        • comment kernel-tools-libs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140678012
      • AND
        • comment kernel-tools-libs-devel is earlier than 0:3.10.0-693.1.1.el7
          oval oval:com.redhat.rhsa:tst:20172473029
        • comment kernel-tools-libs-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140678020
      • AND
        • comment perf is earlier than 0:3.10.0-693.1.1.el7
          oval oval:com.redhat.rhsa:tst:20172473019
        • comment perf is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842022
      • AND
        • comment python-perf is earlier than 0:3.10.0-693.1.1.el7
          oval oval:com.redhat.rhsa:tst:20172473009
        • comment python-perf is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111849018
    rhsa
    id RHSA-2017:2473
    released 2017-08-15
    severity Important
    title RHSA-2017:2473: kernel security and bug fix update (Important)
  • bugzilla
    id 1473393
    title kernel-rt: update to the RHEL7.4.z batch#1 source tree
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhsa:tst:20140675001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhsa:tst:20140675002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20140675003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20140675004
    • OR
      • AND
        • comment kernel-rt is earlier than 0:3.10.0-693.2.1.rt56.620.el7
          oval oval:com.redhat.rhsa:tst:20172585007
        • comment kernel-rt is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20150727006
      • AND
        • comment kernel-rt-debug is earlier than 0:3.10.0-693.2.1.rt56.620.el7
          oval oval:com.redhat.rhsa:tst:20172585009
        • comment kernel-rt-debug is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20150727014
      • AND
        • comment kernel-rt-debug-devel is earlier than 0:3.10.0-693.2.1.rt56.620.el7
          oval oval:com.redhat.rhsa:tst:20172585013
        • comment kernel-rt-debug-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20150727016
      • AND
        • comment kernel-rt-debug-kvm is earlier than 0:3.10.0-693.2.1.rt56.620.el7
          oval oval:com.redhat.rhsa:tst:20172585017
        • comment kernel-rt-debug-kvm is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152411008
      • AND
        • comment kernel-rt-devel is earlier than 0:3.10.0-693.2.1.rt56.620.el7
          oval oval:com.redhat.rhsa:tst:20172585021
        • comment kernel-rt-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20150727012
      • AND
        • comment kernel-rt-doc is earlier than 0:3.10.0-693.2.1.rt56.620.el7
          oval oval:com.redhat.rhsa:tst:20172585005
        • comment kernel-rt-doc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20150727022
      • AND
        • comment kernel-rt-kvm is earlier than 0:3.10.0-693.2.1.rt56.620.el7
          oval oval:com.redhat.rhsa:tst:20172585023
        • comment kernel-rt-kvm is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152411024
      • AND
        • comment kernel-rt-trace is earlier than 0:3.10.0-693.2.1.rt56.620.el7
          oval oval:com.redhat.rhsa:tst:20172585019
        • comment kernel-rt-trace is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20150727008
      • AND
        • comment kernel-rt-trace-devel is earlier than 0:3.10.0-693.2.1.rt56.620.el7
          oval oval:com.redhat.rhsa:tst:20172585011
        • comment kernel-rt-trace-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20150727010
      • AND
        • comment kernel-rt-trace-kvm is earlier than 0:3.10.0-693.2.1.rt56.620.el7
          oval oval:com.redhat.rhsa:tst:20172585015
        • comment kernel-rt-trace-kvm is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152411014
    rhsa
    id RHSA-2017:2585
    released 2017-09-05
    severity Important
    title RHSA-2017:2585: kernel-rt security and bug fix update (Important)
rpms
  • kernel-0:3.10.0-693.1.1.el7
  • kernel-abi-whitelists-0:3.10.0-693.1.1.el7
  • kernel-bootwrapper-0:3.10.0-693.1.1.el7
  • kernel-debug-0:3.10.0-693.1.1.el7
  • kernel-debug-devel-0:3.10.0-693.1.1.el7
  • kernel-devel-0:3.10.0-693.1.1.el7
  • kernel-doc-0:3.10.0-693.1.1.el7
  • kernel-headers-0:3.10.0-693.1.1.el7
  • kernel-kdump-0:3.10.0-693.1.1.el7
  • kernel-kdump-devel-0:3.10.0-693.1.1.el7
  • kernel-tools-0:3.10.0-693.1.1.el7
  • kernel-tools-libs-0:3.10.0-693.1.1.el7
  • kernel-tools-libs-devel-0:3.10.0-693.1.1.el7
  • perf-0:3.10.0-693.1.1.el7
  • python-perf-0:3.10.0-693.1.1.el7
  • kernel-rt-0:3.10.0-693.2.1.rt56.620.el7
  • kernel-rt-debug-0:3.10.0-693.2.1.rt56.620.el7
  • kernel-rt-debug-devel-0:3.10.0-693.2.1.rt56.620.el7
  • kernel-rt-debug-kvm-0:3.10.0-693.2.1.rt56.620.el7
  • kernel-rt-devel-0:3.10.0-693.2.1.rt56.620.el7
  • kernel-rt-doc-0:3.10.0-693.2.1.rt56.620.el7
  • kernel-rt-kvm-0:3.10.0-693.2.1.rt56.620.el7
  • kernel-rt-trace-0:3.10.0-693.2.1.rt56.620.el7
  • kernel-rt-trace-devel-0:3.10.0-693.2.1.rt56.620.el7
  • kernel-rt-trace-kvm-0:3.10.0-693.2.1.rt56.620.el7
refmap via4
bid 100123
debian
  • DSA-3927
  • DSA-3945
misc
sectrack 1039075
Last major update 05-08-2017 - 12:29
Published 05-08-2017 - 12:29
Last modified 08-12-2017 - 21:29
Back to Top