Vulnerability Description
Use-after-free vulnerability in fs/crypto/ in the Linux kernel before 4.10.7 allows local users to cause a denial of service (NULL pointer dereference) or possibly gain privileges by revoking keyring keys being used for ext4, f2fs, or ubifs encryption, causing cryptographic transform objects to be freed prematurely.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 4.2, < 4.4.59 |
Related Weaknesses (CWE)
References
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1b53cf (Patch, Third Party Advisory)
- http://www.securityfocus.com/bid/97308 (Third Party Advisory, VDB Entry)
- https://github.com/torvalds/linux/commit/1b53cf9815bb4744958d41f3795d5d5a1d365e2 (Patch, Third Party Advisory)
- https://source.android.com/security/bulletin/2017-10-01 (Third Party Advisory)
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.7 (Release Notes, Vendor Advisory)
FAQ
What is CVE-2017-7374?
CVE-2017-7374 is a vulnerability with a CVSS score of 7.8 (HIGH). Use-after-free vulnerability in fs/crypto/ in the Linux kernel before 4.10.7 allows local users to cause a denial of service (NULL pointer dereference) or possibly gain privileges by revoking keyring ...
How severe is CVE-2017-7374?
CVE-2017-7374 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2017-7374?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.