Lucene search

PRIOn knowledge basePRION:CVE-2017-7374

HistoryMar 31, 2017 - 8:59 p.m.

Null pointer dereference

2017-03-3120:59:00

PRIOn knowledge base

www.prio-n.com

7.3 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Use-after-free vulnerability in fs/crypto/ in the Linux kernel before 4.10.7 allows local users to cause a denial of service (NULL pointer dereference) or possibly gain privileges by revoking keyring keys being used for ext4, f2fs, or ubifs encryption, causing cryptographic transform objects to be freed prematurely.

CPENameOperatorVersion
linux_kernelge4.2
linux_kernellt4.4.59
linux_kernelge4.5
linux_kernellt4.9.20
linux_kernelge4.10
linux_kernellt4.10.7

Name	Operator	Version
linux_kernel	ge	4.2
linux_kernel	lt	4.4.59
linux_kernel	ge	4.5
linux_kernel	lt	4.9.20
linux_kernel	ge	4.10
linux_kernel	lt	4.10.7

References

git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1b53cf9815bb4744958d41f3795d5d5a1d365e2d

www.securityfocus.com/bid/97308

github.com/torvalds/linux/commit/1b53cf9815bb4744958d41f3795d5d5a1d365e2d

source.android.com/security/bulletin/2017-10-01

www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.7