PT-2017-4237 · Linux+3 · Linux Kernel+3

Published

2017-03-15

·

Updated

2023-02-14

·

CVE-2017-7374

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 4.10.7
Description The issue is related to a use-after-free vulnerability in the fs/crypto component of the Linux kernel, which can lead to a denial of service or possibly allow local users to gain privileges. This occurs when keyring keys used for ext4, f2fs, or ubifs encryption are revoked, causing cryptographic transform objects to be freed prematurely.
Recommendations For Linux kernel versions prior to 4.10.7, update to version 4.10.7 or later to resolve the issue.

Fix

DoS

NULL Pointer Dereference

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-476CWE-416

Related Identifiers

ALT-PU-2017-1398
ALT-PU-2017-1399
BDU:2023-00940
CVE-2017-7374
OPENSUSE-SU-2017_1140-1
SUSE-SU-2017:1183-1
SUSE-SU-2017:1990-1
USN-3265-1
USN-3265-2
USN-3342-1
USN-3342-2

Affected Products

Alt Linux
Linux Kernel
Suse
Ubuntu