CVE-2017-7533 - Severe Kernel Linux Vulnerability
CYBER NEWS

CVE-2017-7533 – Severe Linux Kernel Vulnerability

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...

CVE-2017-7533 is the identification of the latest vulnerability found in Linux kernel that was disclosed on August 3. The flaw is described as a “race condition” that can be exploited to allow an unprivileged local user to obtain root access to the server. It’s a severe vulnerability and with a high priority.

Related Story: CVE-2017-1000367, Severe Root Vulnerability in Linux Sudo

There is also an existing working exploit that allows for privilege escalation for 32-bit kernels, as explained by researchers. It’s still not known whether an exploit for 64-bit is in place but the flaw should be addressed in any case as 64-but kernels are also affected by the current race.

CVE-2017-7533 Technical Overview

More specifically, the flaw in question affects Linux kernels v3.14-rc1 up to v4.12. Here’s the official description:

A race condition was found in the Linux kernel, present since v3.14-rc1 through v4.12. The race happens between threads of inotify_handle_event() and vfs_rename() while running the rename operation against the same file. As a result of the race the next slab data or the slab’s free list pointer can be corrupted with attacker-controlled data.

CVE-2017-7533 does not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, 7.0 and 7.1 as the vulnerable code isn’t present in the listed products.

Related Story: CVE-2016-5195 Found in Every Linux Version (for the Last 9 Years)

This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 7.2 and newer and Red Hat Enterprise MRG 2. Upcoming kernel updates for these products may address the flaw, security experts explain.

Avatar

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum for 4 years. Enjoys ‘Mr. Robot’ and fears ‘1984’. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles!

More Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...