Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
None
Privileges Required
Low
Attack Vector
Local
0

CVE-2017-7533

Disclosure Date: August 05, 2017
CVE-2017-7533 CVSS v3 Base Score: 7.0
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
7.0 High
Impact Score:
5.9
Exploitability Score:
1
Vector:
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector (AV):
Local
Attack Complexity (AC):
High
Privileges Required (PR):
Low
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
Linux kernel through 4.12.4
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • linux

Products

  • linux kernel

References

Canonical
CVE-2017-7533 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7533)
BID-100123 (http://www.securityfocus.com/bid/100123)
Advisory
DSA-3927 (http://www.debian.org/security/2017/dsa-3927)
https://access.redhat.com/errata/RHSA-2017:2669
https://access.redhat.com/errata/RHSA-2017:2473
https://access.redhat.com/errata/RHSA-2017:2585
DSA-3945 (http://www.debian.org/security/2017/dsa-3945)
https://source.android.com/security/bulletin/2017-12-01
SECTRACK-1039075 (http://www.securitytracker.com/id/1039075)
https://access.redhat.com/errata/RHSA-2017:2770
https://access.redhat.com/errata/RHSA-2017:2869
[oss-security] 20190627 Re: linux-distros membership application - Microsoft (http://www.openwall.com/lists/oss-security/2019/06/27/7)
[oss-security] 20190628 Re: linux-distros membership application - Microsoft (http://www.openwall.com/lists/oss-security/2019/06/28/1)
[oss-security] 20190628 Re: linux-distros membership application - Microsoft (http://www.openwall.com/lists/oss-security/2019/06/28/2)
Miscellaneous
https://patchwork.kernel.org/patch/9755757
https://bugzilla.redhat.com/show_bug.cgi?id=1468283
http://openwall.com/lists/oss-security/2017/08/03/2
https://patchwork.kernel.org/patch/9755753
https://github.com/torvalds/linux/commit/49d31c2f389acfe83417083e1208422b4091cd9e
https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1408967.html
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit?id=49d31c2f389acfe83417083e1208422b4091cd9e
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=49d31c2f389acfe83417083e1208422b4091cd9e
https://access.redhat.com/security/cve/CVE-2017-7533
https://patchwork.kernel.org/patch/9755753/
https://patchwork.kernel.org/patch/9755757/
https://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg1408967.html

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis