A flaw was found in the crypto subsystem of the Linux kernel.
The "null skcipher" was being by dropped in the wrong place -- when each af_alg_ctx was freed instead of when the aead_tfm was freed. This can cause the null skcipher to be freed while it is still in use.
This may grant a local user to be able to crash the machine and possible corrupt memory leading to privilege escalation.
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 1622836]
This issue was fixed for Fedora with the 4.14.8 stable kernel update.
Name: Florian Weimer (Red Hat), Ondrej Mosnacek (Red Hat)
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2018:2948 https://access.redhat.com/errata/RHSA-2018:2948