Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 1468283 (CVE-2017-7533)
Summary: | CVE-2017-7533 kernel: a race between inotify_handle_event() and sys_rename() | ||||||
---|---|---|---|---|---|---|---|
Product: | [Other] Security Response | Reporter: | Pedro Sampaio <psampaio> | ||||
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> | ||||
Status: | CLOSED ERRATA | QA Contact: | |||||
Severity: | high | Docs Contact: | |||||
Priority: | high | ||||||
Version: | unspecified | CC: | aquini, carnil, dhoward, fche, fhrbata, joe.lawrence, jpoimboe, kernel-mgr, mszeredi, nmurray, pholasek, plougher, pmatouse, rvrbovsk, security-response-team, slawomir, swhiteho, vdronov, wmealing, yozone | ||||
Target Milestone: | --- | Keywords: | Security | ||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: |
A race condition was found in the Linux kernel, present since v3.14-rc1 through v4.12. The race happens between threads of inotify_handle_event() and vfs_rename() while running the rename operation against the same file. As a result of the race the next slab data or the slab's free list pointer can be corrupted with attacker-controlled data, which may lead to the privilege escalation.
|
Story Points: | --- | ||||
Clone Of: | Environment: | ||||||
Last Closed: | 2019-06-08 03:16:04 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Bug Depends On: | 1470403, 1471130, 1471131, 1471132, 1471133, 1478086, 1478096, 1478097, 1478098, 1478099, 1478100 | ||||||
Bug Blocks: | |||||||
Attachments: |
|
Description
Pedro Sampaio
2017-07-06 14:55:10 UTC
Created attachment 1296934 [details]
dmesg-slub-debug.txt
Statement: This issue does not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, 7.0 and 7.1 as the code with the flaw is not present in the products listed. This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 7.2 and newer and Red Hat Enterprise MRG 2. Future kernel updates for these products may address this issue. Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1478086] This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2017:2473 https://access.redhat.com/errata/RHSA-2017:2473 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2017:2585 https://access.redhat.com/errata/RHSA-2017:2585 This issue has been addressed in the following products: Red Hat Enterprise MRG 2 Via RHSA-2017:2669 https://access.redhat.com/errata/RHSA-2017:2669 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.3 Extended Update Support Via RHSA-2017:2770 https://access.redhat.com/errata/RHSA-2017:2770 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.2 Extended Update Support Via RHSA-2017:2869 https://access.redhat.com/errata/RHSA-2017:2869 Acknowledgments: Name: Leilei Lin (Alibaba Group), Fan Wu (The University of Hong Kong), Shixiong Zhao (The University of Hong Kong), Shankara Pailoor (Columbia University), Andrew Aday (Columbia University) |