vulnerability

Oracle Linux: CVE-2017-7533: ELSA-2017-2473: kernel security and bug fix update (IMPORTANT) (Multiple Advisories)

Severity
7
CVSS
(AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published
2017-08-03
Added
2017-08-16
Modified
2025-01-23

Description

Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions.
A race condition was found in the Linux kernel, present since v3.14-rc1 through v4.12. The race happens between threads of inotify_handle_event() and vfs_rename() while running the rename operation against the same file. As a result of the race the next slab data or the slab's free list pointer can be corrupted with attacker-controlled data, which may lead to the privilege escalation.

Solution(s)

oracle-linux-upgrade-kerneloracle-linux-upgrade-kernel-uek
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.