Use-after-free vulnerability in fs/crypto/ in the Linux kernel before 4.10.7 allows local users to cause a denial of service (NULL pointer dereference) or possibly gain privileges by revoking keyring keys being used for ext4, f2fs, or ubifs encryption, causing cryptographic transform objects to be freed prematurely.
http://www.securityfocus.com/bid/97308
https://github.com/torvalds/linux/commit/1b53cf9815bb4744958d41f3795d5d5a1d365e2d
https://source.android.com/security/bulletin/2017-10-01
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.7
Source: MITRE
Published: 2017-03-31
Updated: 2017-10-04
Type: CWE-416
CVSS v2
Base Score: 7.2
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Impact Score: 10
Exploitability Score: 3.9
Severity: HIGH
CVSS v3
Base Score: 7.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 1.8
Severity: HIGH
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to 4.10.6 (inclusive)

ID | Name | Product | Family | Severity |
---|---|---|---|---|
124828 | EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1505) | Nessus | Huawei Local Security Checks | critical |
101151 | Ubuntu 16.04 LTS : linux-hwe vulnerabilities (USN-3342-2) | Nessus | Ubuntu Local Security Checks | high |
101150 | Ubuntu 16.10 : linux, linux-raspi2 vulnerabilities (USN-3342-1) | Nessus | Ubuntu Local Security Checks | high |
100931 | Ubuntu 16.04 LTS : linux-hwe, linux-meta-hwe vulnerabilities (USN-3333-1) (Stack Clash) | Nessus | Ubuntu Local Security Checks | high |
100925 | Ubuntu 16.10 : linux-meta-raspi2, linux-raspi2 vulnerabilities (USN-3327-1) (Stack Clash) | Nessus | Ubuntu Local Security Checks | high |
100924 | Ubuntu 16.10 : linux, linux-meta vulnerabilities (USN-3326-1) (Stack Clash) | Nessus | Ubuntu Local Security Checks | high |
100023 | SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:1183-1) | Nessus | SuSE Local Security Checks | high |
99927 | openSUSE Security Update : the Linux Kernel (openSUSE-2017-532) | Nessus | SuSE Local Security Checks | high |
99658 | Ubuntu 14.04 LTS : linux-lts-xenial vulnerabilities (USN-3265-2) | Nessus | Ubuntu Local Security Checks | high |
99657 | Ubuntu 16.04 LTS : linux, linux-aws, linux-gke, linux-raspi2, linux-snapdragon vulnerabilities (USN-3265-1) | Nessus | Ubuntu Local Security Checks | high |