| Summary: | kernel: Race condition in Linux kernel present since v3.14-rc1 up to v4.12 (CVE-2017-7533) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | D'juan McDonald (domhnall) <flopwiki> |
| Component: | Kernel | Assignee: | Gentoo Kernel Security <security-kernel> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | security-kernel |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://seclists.org/oss-sec/2017/q3/240 | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
Fixed in 4.9.41, 4.13 |
${URL}: A race condition was found in Linux kernel present since v3.14-rc1 upto v4.12 including. The race happens between threads of inotify_handle_event() and vfs_rename() while running the rename operation against the same file. The next slab data or the slab's free list pointer can be corrupted with attacker-controlled data as a result of the race. References: https://bugzilla.redhat.com/show_bug.cgi?id=1468283 https://access.redhat.com/security/vulnerabilities/3112931 https://patchwork.kernel.org/patch/9755753/ https://patchwork.kernel.org/patch/9755757/ An upstream patch: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=49d31c2f389acfe83417083e1208422b4091cd9