VDB
CVE-2017-7374
CVE-2017-7374
PUBLISHED
Use-after-free vulnerability in fs/crypto/ in the Linux kernel before 4.10.7 allows local users to cause a denial of service (NULL pointer dereference) or possibly gain privileges by revoking keyring keys being used for ext4, f2fs, or ubifs encryption, causing cryptographic transform objects to be freed prematurely.
EPSS 0.35% · 57.9th percentile
Risk Scores
EPSS Score
0.35%
57.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | linux-aws | 4.4.0-1003.12, 4.4.0-1001.10, 0 |
| Ubuntu:18.04:LTS | linux-gcp | 4.15.0-1019.20, 4.15.0-1021.22, 4.15.0-1023.24 |
| Ubuntu:24.04:LTS | linux-raspi-realtime | 6.8.0-2019.20, 0 |
| Ubuntu:22.04:LTS | linux-realtime | 5.15.0-1032.35, 0 |
| Ubuntu:18.04:LTS | linux-hwe | 5.3.0-40.32~18.04.1, 4.18.0-17.18~18.04.1, 4.18.0-18.19~18.04.1 |
| Ubuntu:18.04:LTS | linux-hwe-edge | 5.3.0-23.25~18.04.2, 5.3.0-23.25~18.04.1, 5.3.0-22.24~18.04.1 |
| Ubuntu:16.04:LTS | linux-raspi2 | 4.4.0-1048.55, 4.4.0-1050.57, 4.4.0-1051.58 |
| Ubuntu:14.04:LTS | linux-lts-xenial | *, 4.4.0-24.43~14.04.1, 4.4.0-22.39~14.04.1 |
| Ubuntu:20.04:LTS | linux-riscv | 5.4.0-40.45, 5.4.0-26.30, 5.4.0-37.42 |
| Ubuntu:18.04:LTS | linux-oem | 4.15.0-1090.100, 4.15.0-1006.9, 4.15.0-1008.11 |
| Ubuntu:20.04:LTS | linux-gke | 5.4.0-1044.46, 5.4.0-1076.82, 5.4.0-1086.93 |
| Ubuntu:18.04:LTS | linux-azure | 5.0.0-1028.30~18.04.1, *, * |
| Ubuntu:22.04:LTS | linux-riscv | 0, 5.13.0-1004.4, 5.13.0-1006.6+22.04.1 |
| Ubuntu:16.04:LTS | linux-gke | 4.4.0-1010.10, 4.4.0-1009.9, 4.4.0-1008.8 |
| Ubuntu:16.04:LTS | linux-snapdragon | 4.4.0-1026.29, 0, 4.4.0-1013.14 |
| Ubuntu:22.04:LTS | linux-intel-iot-realtime | 0, 5.15.0-1073.75 |
| Ubuntu:16.04:LTS | linux-hwe | *, *, * |
| Ubuntu:20.04:LTS | linux-azure-fde | 5.4.0-1103.109+cvm1.1, 0, 5.4.0-1063.66+cvm2.2 |
| Ubuntu:20.04:LTS | linux-raspi2 | 5.4.0-1004.4, 5.4.0-1006.6, 0 |
| Ubuntu:16.04:LTS | linux | 4.2.0-16.19, 4.2.0-17.21, 4.2.0-19.23 |
Timeline
- Mar 31, 2017 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 22, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 25, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 27, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 5, 2022 EPSS Score
- Jan 7, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2017-7374 third-party-advisory
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1b53cf9815bb4744958d41f3795d5d5a1d365e2d third-party-advisory
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.7 third-party-advisory
- https://ubuntu.com/security/notices/USN-3265-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-3265-2 vendor-advisory
- https://ubuntu.com/security/notices/USN-3342-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-3342-2 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2017-7374 third-party-advisory