|Number of vulnerabilities||1|
|CVE ID||CVE-2017-7533|
|CWE ID||CWE-362|
|Public exploit||This vulnerability is being exploited in the wild.|
Red Hat Enterprise Linux
|Vulnerable software versions||Red Hat Enterprise Linux 7|
|Vendor URL||Red Hat Inc.|
The vulnerability allows a local user to execute arbitrary code with escalated privileges.
The vulnerability exists due to a race condition in the fsnotify implementation in the Linux kernel through 4.12.4. A local user can create an application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions to trigger memory corruption, resulting in a denial of service or execution of arbitrary code on the target system with root privileges.
Successful exploitation of this vulnerability may allow a local user to obtain elevated privileges on the system.
Note: as of August 2017, this vulnerability is being actively exploited in the wild on 32-bit systems.
Install the update from the vendor's website.