CVE-2017-7374

HIGH

Linux kernel < 4.10.7 - Use After Free

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-7374. PoCs published by ww9210.

AI-analyzed exploit summary This PoC exploits CVE-2017-7374, a vulnerability in the Linux kernel's ext4 filesystem encryption implementation. It demonstrates how to trigger a race condition by manipulating encryption keys, potentially leading to a denial-of-service (DoS) or privilege escalation.

Description

Use-after-free vulnerability in fs/crypto/ in the Linux kernel before 4.10.7 allows local users to cause a denial of service (NULL pointer dereference) or possibly gain privileges by revoking keyring keys being used for ext4, f2fs, or ubifs encryption, causing cryptographic transform objects to be freed prematurely.

Exploits (1)

nomisec WORKING POC 1 stars

by ww9210 · poc

https://github.com/ww9210/cve-2017-7374

View Code ZIP pw:eip

This PoC exploits CVE-2017-7374, a vulnerability in the Linux kernel's ext4 filesystem encryption implementation. It demonstrates how to trigger a race condition by manipulating encryption keys, potentially leading to a denial-of-service (DoS) or privilege escalation.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Moderate

Reliability

Racy

Target: Linux kernel (ext4 filesystem with encryption)

Auth required

Prerequisites: ext4 filesystem with encryption support · ability to create encrypted directories · access to key management functions

MITRE ATT&CK