Main
Vulnerability Database
Exploits
ID:6376 - Exploit for Race condition in Linux kernel - CVE-2017-7533
ID:6376 - Exploit for Race condition in Linux kernel - CVE-2017-7533
Published: June 17, 2021
Vulnerability identifier: #VU7694
Vulnerability risk: Medium
CVE-ID: CVE-2017-7533
CWE-ID: CWE-362
Exploitation vector: Local access
Vulnerable software:
Linux kernel
Linux kernel
Link to public exploit:
Vulnerability description
The vulnerability allows a local user to execute arbitrary code with escalated privileges.
The vulnerability exists due to a race condition in the fsnotify implementation in the Linux kernel through 4.12.4. A local user can create an application, which leverages simultaneous execution of the inotify_handle_event and vfs_rename functions and trigger memory corruption and denials of service attack or execute arbitrary code on the target system with root privileges.
Successful exploitation of this vulnerability may allow a local user to obtain elevated privileges on the system.
Note: this vulnerability is being active exploited in the wild for 32-bit systems in August 2017.
The vulnerability exists due to a race condition in the fsnotify implementation in the Linux kernel through 4.12.4. A local user can create an application, which leverages simultaneous execution of the inotify_handle_event and vfs_rename functions and trigger memory corruption and denials of service attack or execute arbitrary code on the target system with root privileges.
Successful exploitation of this vulnerability may allow a local user to obtain elevated privileges on the system.
Note: this vulnerability is being active exploited in the wild for 32-bit systems in August 2017.
Remediation
Install update from vendor's repository.