627026 – (CVE-2017-7533) kernel: Race condition in Linux kernel present since v3.14-rc1 up to v4.12 (CVE-2017-7533)

Bug 627026 (CVE-2017-7533) - kernel: Race condition in Linux kernel present since v3.14-rc1 up to v4.12 (CVE-2017-7533)

Summary: kernel: Race condition in Linux kernel present since v3.14-rc1 up to v4.12 (C...

Status:	RESOLVED FIXED

Alias:	CVE-2017-7533

Product:	Gentoo Security
Classification:	Unclassified
Component:	Kernel (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Kernel Security

URL:	http://seclists.org/oss-sec/2017/q3/240
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2017-08-04 05:39 UTC by D'juan McDonald (domhnall)
Modified:	2022-03-26 00:05 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description D'juan McDonald (domhnall) 2017-08-04 05:39:05 UTC

${URL}: 

A race condition was found in Linux kernel present since v3.14-rc1 upto v4.12
including. The race happens between threads of inotify_handle_event() and
vfs_rename() while running the rename operation against the same file. The next
slab data or the slab's free list pointer can be corrupted with attacker-controlled
data as a result of the race.

References:

https://bugzilla.redhat.com/show_bug.cgi?id=1468283

https://access.redhat.com/security/vulnerabilities/3112931

https://patchwork.kernel.org/patch/9755753/

https://patchwork.kernel.org/patch/9755757/

An upstream patch:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=49d31c2f389acfe83417083e1208422b4091cd9

Comment 1 John Helmert III archtester

2022-03-26 00:05:45 UTC

Fixed in 4.9.41, 4.13