QwikSec

Security Database

CVE

CWE

Training

CVE-2017-7374

Published: Mar 31, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

Use-after-free vulnerability in fs/crypto/ in the Linux kernel before 4.10.7 allows local users to cause a denial of service (NULL pointer dereference) or possibly gain privileges by revoking keyring keys being used for ext4, f2fs, or ubifs encryption, causing cryptographic transform objects to be freed prematurely.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://source.android.com/security/bulletin/2017-10-01

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

https://github.com/torvalds/linux/commit/1b53cf9815bb4744958d41f3795d5d5a1d365e2d

x_refsource_CONFIRM

https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.7

x_refsource_CONFIRM

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1b53cf9815bb4744958d41f3795d5d5a1d365e2d

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.