
CVE-2017-7533

Date: (C)2017-08-09   (M)2018-01-05 


Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions.

CVSS Score: 6.9
Exploit Score: 3.4
Impact Score: 10.0

Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE





Reference:
BID-100123
SECTRACK-1039075
DSA-3927
DSA-3945
RHSA-2017:2473
RHSA-2017:2585
RHSA-2017:2669
RHSA-2017:2770
RHSA-2017:2869
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=49d31c2f389acfe83417083e1208422b4091cd9e
http://openwall.com/lists/oss-security/2017/08/03/2
https://bugzilla.redhat.com/show_bug.cgi?id=1468283
https://github.com/torvalds/linux/commit/49d31c2f389acfe83417083e1208422b4091cd9e
https://patchwork.kernel.org/patch/9755753/
https://patchwork.kernel.org/patch/9755757/
https://source.android.com/security/bulletin/2017-12-01
https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1408967.html

CWE    1
CWE-362
OVAL    10
oval:org.secpod.oval:def:603061
oval:org.secpod.oval:def:502125
oval:org.secpod.oval:def:703739
oval:org.secpod.oval:def:113090
...

© 2013 SecPod Technologies