7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
5.3%
Use-after-free vulnerability in fs/crypto/ in the Linux kernel before
4.10.7 allows local users to cause a denial of service (NULL pointer
dereference) or possibly gain privileges by revoking keyring keys being
used for ext4, f2fs, or ubifs encryption, causing cryptographic transform
objects to be freed prematurely.
Author | Note |
---|---|
jdstrand | android kernels (flo, goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 14.10 and earlier preview kernels linux-lts-saucy no longer receives official support linux-lts-quantal no longer receives official support |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 16.04 | noarch | linux | < 4.4.0-75.96 | UNKNOWN |
ubuntu | 16.10 | noarch | linux | < 4.8.0-58.63 | UNKNOWN |
ubuntu | 16.04 | noarch | linux-aws | < 4.4.0-1016.25 | UNKNOWN |
ubuntu | 16.04 | noarch | linux-gke | < 4.4.0-1012.12 | UNKNOWN |
ubuntu | 16.04 | noarch | linux-hwe | < 4.8.0-58.63~16.04.1 | UNKNOWN |
ubuntu | 16.04 | noarch | linux-hwe-edge | < 4.8.0-58.63~16.04.1 | UNKNOWN |
ubuntu | 14.04 | noarch | linux-lts-xenial | < 4.4.0-75.96~14.04.1 | UNKNOWN |
ubuntu | 16.04 | noarch | linux-raspi2 | < 4.4.0-1054.61 | UNKNOWN |
ubuntu | 16.10 | noarch | linux-raspi2 | < 4.8.0-1042.46 | UNKNOWN |
ubuntu | 16.04 | noarch | linux-snapdragon | < 4.4.0-1057.61 | UNKNOWN |
git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1b53cf9815bb4744958d41f3795d5d5a1d365e2d
launchpad.net/bugs/cve/CVE-2017-7374
nvd.nist.gov/vuln/detail/CVE-2017-7374
security-tracker.debian.org/tracker/CVE-2017-7374
ubuntu.com/security/notices/USN-3265-1
ubuntu.com/security/notices/USN-3265-2
ubuntu.com/security/notices/USN-3342-1
ubuntu.com/security/notices/USN-3342-2
www.cve.org/CVERecord?id=CVE-2017-7374
www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.7
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
5.3%