CVE-2017-7374

Source
Severity High
Remote No
Type Privilege escalation
Description
Use-after-free vulnerability in fs/crypto/ in the Linux kernel before 4.10.7 allows local users to cause a denial of service (NULL pointer dereference) or possibly gain privileges by revoking keyring keys being used for ext4, f2fs, or ubifs encryption, causing cryptographic transform objects to be freed prematurely.
Group Package Affected Fixed Severity Status Ticket
AVG-232 linux 4.10.6-1 4.10.8-1 High Fixed
References
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1b53cf9815bb4744958d41f3795d5d5a1d365e2d
https://github.com/torvalds/linux/commit/1b53cf9815bb4744958d41f3795d5d5a1d365e2d
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.7