{"id":"CVE-2017-7533","details":"Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions.","modified":"2026-03-15T22:17:52.118450Z","published":"2017-08-05T16:29:00.180Z","related":["SUSE-SU-2017:2041-1","SUSE-SU-2017:2042-1","SUSE-SU-2017:2043-1","SUSE-SU-2017:2046-1","SUSE-SU-2017:2049-1","SUSE-SU-2017:2060-1","SUSE-SU-2017:2061-1","SUSE-SU-2017:2062-1","SUSE-SU-2017:2063-1","SUSE-SU-2017:2064-1","SUSE-SU-2017:2065-1","SUSE-SU-2017:2066-1","SUSE-SU-2017:2067-1","SUSE-SU-2017:2068-1","SUSE-SU-2017:2069-1","SUSE-SU-2017:2070-1","SUSE-SU-2017:2072-1","SUSE-SU-2017:2073-1","SUSE-SU-2017:2074-1","SUSE-SU-2017:2088-1","SUSE-SU-2017:2089-1","SUSE-SU-2017:2090-1","SUSE-SU-2017:2091-1","SUSE-SU-2017:2092-1","SUSE-SU-2017:2093-1","SUSE-SU-2017:2094-1","SUSE-SU-2017:2095-1","SUSE-SU-2017:2096-1","SUSE-SU-2017:2098-1","SUSE-SU-2017:2099-1","SUSE-SU-2017:2100-1","SUSE-SU-2017:2102-1","SUSE-SU-2017:2103-1","SUSE-SU-2017:2114-1","SUSE-SU-2017:2286-1","SUSE-SU-2017:2342-1","SUSE-SU-2017:2389-1","SUSE-SU-2017:2525-1","SUSE-SU-2017:2956-1"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:2869"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2019/06/28/2"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/100123"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:2585"},{"type":"ADVISORY","url":"https://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg1408967.html"},{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-3927"},{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-3945"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2019/06/28/1"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1039075"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:2473"},{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2017-12-01"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2019/06/27/7"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:2669"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:2770"},{"type":"FIX","url":"https://github.com/torvalds/linux/commit/49d31c2f389acfe83417083e1208422b4091cd9e"},{"type":"FIX","url":"https://patchwork.kernel.org/patch/9755757/"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1468283"},{"type":"FIX","url":"https://patchwork.kernel.org/patch/9755753/"},{"type":"FIX","url":"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=49d31c2f389acfe83417083e1208422b4091cd9e"},{"type":"FIX","url":"http://openwall.com/lists/oss-security/2017/08/03/2"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-7533.json","unresolved_ranges":[{"events":[{"introduced":"3.14"},{"fixed":"3.16.47"}]},{"events":[{"introduced":"3.17"},{"fixed":"3.18.64"}]},{"events":[{"introduced":"3.19"},{"fixed":"4.4.80"}]},{"events":[{"introduced":"4.5"},{"fixed":"4.9.41"}]},{"events":[{"introduced":"4.10"},{"fixed":"4.12.5"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}