Privilege escalation in Linux kernel

Published: 2017-08-07 16:21:48
Severity: Medium
Patch available: YES
Number of vulnerabilities: 1
CVE ID: CVE-2017-7533
Exploitation vector: Local
Public exploit: This vulnerability is being exploited in the wild.
Vulnerable software: Linux kernel
Vulnerable software versions: Linux kernel 4.12.1, Linux kernel 4.12.2, Linux kernel 4.12.3, Linux kernel 4.12.4
Vendor URL: Linux Foundation

Security Advisory

1) Race condition


The vulnerability allows a local user to execute arbitrary code with escalated privileges.

The vulnerability exists due to a race condition in the fsnotify implementation in the Linux kernel through 4.12.4. A local user can run an application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions to trigger memory corruption, resulting in a denial of service or arbitrary code execution on the target system with root privileges.

Successful exploitation of this vulnerability may allow a local user to obtain elevated privileges on the system.

Note: this vulnerability is being actively exploited in the wild on 32-bit systems as of August 2017.


Install the update from the vendor's repository.
