High severity7.8NVD Advisory· Published Mar 31, 2017· Updated May 13, 2026

CVE-2017-7374

Description

Use-after-free vulnerability in fs/crypto/ in the Linux kernel before 4.10.7 allows local users to cause a denial of service (NULL pointer dereference) or possibly gain privileges by revoking keyring keys being used for ext4, f2fs, or ubifs encryption, causing cryptographic transform objects to be freed prematurely.

Affected products

Linux/Kernel
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Range: >=4.2,<4.4.59

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/nvdPatchThird Party Advisory
github.com/torvalds/linux/commit/1b53cf9815bb4744958d41f3795d5d5a1d365e2dnvdPatchThird Party Advisory
www.securityfocus.com/bid/97308nvdThird Party AdvisoryVDB Entry
source.android.com/security/bulletin/2017-10-01nvdThird Party Advisory
www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.7nvdRelease NotesVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.507
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000