Synology-SA-17:37 Linux kernel

Publish Time: 2017-08-07 16:17:12 UTC+8

Last Updated: 2017-09-08 16:28:23 UTC+8

Severity: Important

Status: Resolved

Abstract

CVE-2017-7533 allows local users of a Virtual DSM to obtain privileges or cause a denial of service through a race condition between threads running inotify_handle_event() and vfs_rename() while a "rename" operation is performed on the same file.

Affected

  • Products
    • DSM 6.1
  • Models
    • Virtual DSM

Description

Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions, as exploited in the wild in August 2017.

Mitigation

None

Update Availability

To fix the security issue, please update DSM 6.1 to 6.1.3-15152-3 or above.
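The following inventory check is an added example, not Synology's code: it classifies hosts against the fixed release 6.1.3-15152-3 and the Affected list above. The hostnames, the inventory, the status labels, the "Update N" spelling and the assumption that a Virtual DSM flag comes from your asset records are all constructed for illustration.

```python
import re
from typing import NamedTuple, Optional

FIXED_RELEASE = "6.1.3-15152-3"   # fixed version stated in the advisory
AFFECTED_BRANCH = (6, 1)          # the advisory lists DSM 6.1 only

class DsmVersion(NamedTuple):
    major: int
    minor: int
    patch: int
    build: int
    update: int

# Assumed spellings: "6.1.3-15152-3", "6.1.3-15152", "DSM 6.1.3-15152 Update 3".
_VERSION_RE = re.compile(
    r"^(?:DSM\s+)?(\d+)\.(\d+)(?:\.(\d+))?-(\d+)(?:[- ](?:Update\s+)?(\d+))?$",
    re.IGNORECASE,
)

def parse_dsm_version(text: str) -> Optional[DsmVersion]:
    match = _VERSION_RE.match(text.strip())
    if match is None:
        return None  # no build number or unexpected format: do not guess
    # A missing patch or update component counts as 0.
    return DsmVersion(*(int(part or 0) for part in match.groups()))

def classify(version_text: str, is_virtual_dsm: bool) -> str:
    version = parse_dsm_version(version_text)
    if version is None:
        return "unknown"
    if not is_virtual_dsm or (version.major, version.minor) != AFFECTED_BRANCH:
        return "out-of-scope"  # not in the advisory's Affected list
    # Tuple comparison orders by patch, then build, then update number.
    fixed = parse_dsm_version(FIXED_RELEASE)
    return "patched" if version >= fixed else "needs-update"

# Constructed inventory: (hostname, reported version, is it a Virtual DSM?)
INVENTORY = [
    ("vdsm-01", "6.1.3-15152-2", True),
    ("vdsm-02", "DSM 6.1.3-15152 Update 3", True),
    ("vdsm-03", "6.1.2-15132", True),
    ("nas-04", "6.1.3-15152-1", False),
    ("vdsm-05", "6.1.3", True),
]

def report(inventory):
    return {host: classify(ver, virt) for host, ver, virt in inventory}

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" should be checked by hand rather than assumed patched, since the build and update numbers decide the result.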