Vulnerability details
Advisory: SB2017080701 - Privilege escalation in Linux kernel
Vulnerable component: Linux kernel
CVE-ID: CVE-2017-7533
CVSSv3 score: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C
CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Description:
The vulnerability allows a local user to execute arbitrary code with escalated privileges.
The vulnerability exists due to a race condition in the fsnotify implementation in the Linux kernel through 4.12.4. A local user can create an application, which leverages simultaneous execution of the inotify_handle_event and vfs_rename functions and trigger memory corruption and denials of service attack or execute arbitrary code on the target system with root privileges.
Successful exploitation of this vulnerability may allow a local user to obtain elevated privileges on the system.
Note: this vulnerability is being active exploited in the wild for 32-bit systems in August 2017.
Public Exploits: