CVE-2017-7533 is the identifier of the latest vulnerability found in the Linux kernel, disclosed on August 3. The flaw is described as a “race condition” that can be exploited to allow an unprivileged local user to obtain root access to the server. It is a severe, high-priority vulnerability.
There is also a working exploit that allows privilege escalation on 32-bit kernels, as explained by researchers. It is still not known whether an exploit for 64-bit kernels exists, but the flaw should be addressed in any case, as 64-bit kernels are also affected by the race.
CVE-2017-7533 Technical Overview
More specifically, the flaw in question affects Linux kernels v3.14-rc1 up to v4.12. Here’s the official description:
A race condition was found in the Linux kernel, present since v3.14-rc1 through v4.12. The race happens between threads of inotify_handle_event() and vfs_rename() while running the rename operation against the same file. As a result of the race the next slab data or the slab’s free list pointer can be corrupted with attacker-controlled data.
CVE-2017-7533 does not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, 7.0 and 7.1 as the vulnerable code isn’t present in the listed products.
This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 7.2 and newer and Red Hat Enterprise MRG 2. Upcoming kernel updates for these products may address the flaw, security experts explain.