Use-after-free vulnerability in fs/crypto/ in the Linux kernel prior to 4.10.7 allows local users to cause a denial of service (NULL pointer dereference) or possibly gain privileges by revoking keyring keys being used for ext4, f2fs, or ubifs encryption, causing cryptographic transform objects to be freed prematurely.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
linux linux kernel |
There's a nasty bug in media file handling – deja vu, right?
Another month, another round of Android patches – although October's batch is pleasantly small compared to other recent releases. Of the 14 CVE flaws released, six cover Android's troubled media processing and playback engine. This means miscreants can fling malicious files at devices to potentially hijack them. The privilege escalation bugs can be used by dodgy apps to gain control of handsets and tablets. There's also a remote-code execution flaw in the Dnsmasq tool used by Android. Details ...