http://bugzilla.suse.com/show_bug.cgi?id=1032006 Bug ID: 1032006 Summary: VUL-0: CVE-2017-7374: kernel-source: denial of service (NULL pointer dereference) or possibly gain privileges by revoking keyring keys being used for ext4, f2fs, or ubifs encryption Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.2 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: mikhail.kasimov@gmail.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- Ref: https://nvd.nist.gov/vuln/detail/CVE-2017-7374 ==================================================== Description Use-after-free vulnerability in fs/crypto/ in the Linux kernel before 4.10.7 allows local users to cause a denial of service (NULL pointer dereference) or possibly gain privileges by revoking keyring keys being used for ext4, f2fs, or ubifs encryption, causing cryptographic transform objects to be freed prematurely. Source: MITRE Last Modified: 03/31/2017 ==================================================== Hyperlink: [1] http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1b... [2] https://github.com/torvalds/linux/commit/1b53cf9815bb4744958d41f3795d5d5a1d3... [3] https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.7 -- You are receiving this mail because: You are on the CC list for the bug.