CVE-2017-7533 (NVD)

2017-08-05

Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions.

Products Linux_kernel
Type Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') (CWE-362)
First patch https://github.com/torvalds/linux/commit/49d31c2f389acfe83417083e1208422b4091cd9e
Patches http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=49d31c2f389acfe83417083e1208422b4091cd9e
Relevant file/s • ./fs/dcache.c (modified, +27)
• ./fs/debugfs/inode.c (modified, +5, -5)
• ./fs/namei.c (modified, +4, -4)
• ./fs/notify/fsnotify.c (modified, +6, -2)
• ./include/linux/dcache.h (modified, +6)
• ./include/linux/fsnotify.h (modified, -31)
Links https://access.redhat.com/errata/RHSA-2017:2869
http://www.debian.org/security/2017/dsa-3945
https://access.redhat.com/errata/RHSA-2017:2669
https://access.redhat.com/errata/RHSA-2017:2770
http://www.securitytracker.com/id/1039075

linux - Tree: 49d31c2f38

(? files)

Filter Settings
Files
Navigation
Patch data:

(on by default)


Patched area: