PT-2017-4237 · Linux+3 · Linux Kernel+3

Publicado

2017-03-15

·

Atualizado

2023-02-14

·

CVE-2017-7374

CVSS v3.1

7.8

Alta

VetorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 4.10.7
Description The issue is related to a use-after-free vulnerability in the fs/crypto component of the Linux kernel, which can lead to a denial of service or possibly allow local users to gain privileges. This occurs when keyring keys used for ext4, f2fs, or ubifs encryption are revoked, causing cryptographic transform objects to be freed prematurely.
Recommendations For Linux kernel versions prior to 4.10.7, update to version 4.10.7 or later to resolve the issue.

Correção

DoS

NULL Pointer Dereference

Use After Free

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-476CWE-416

Identificadores relacionados

ALT-PU-2017-1398
ALT-PU-2017-1399
BDU:2023-00940
CVE-2017-7374
OPENSUSE-SU-2017_1140-1
SUSE-SU-2017:1183-1
SUSE-SU-2017:1990-1
USN-3265-1
USN-3265-2
USN-3342-1
USN-3342-2

Produtos afetados

Alt Linux
Linux Kernel
Suse
Ubuntu