Synology-SA-17:37 Linux kernel
Publish Time: 2017-08-07 16:17:12 UTC+8
Last Updated: 2017-09-08 16:28:23 UTC+8
CVE-2017-7533 allows local users of a Virtual DSM to obtain privileges or cause a denial of service through a race condition between threads running inotify_handle_event() and vfs_rename() during a "rename" operation on the same file.
- Impact: Important
- CVSS3 Base Score: 7.8
- CVSS3 Base Metrics: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Affected products: DSM 6.1, Virtual DSM
Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions, as exploited in the wild in August 2017.
To fix the security issue, please update DSM 6.1 to 6.1.3-15152-3 or above.