CVE-2022-1055Use After Free in Kernel

CWE-416Use After Free16 documents8 sources
Severity
8.6HIGHNVD
OSV6.5
EPSS
0.0%
top 93.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Linux KernelLinux KernelCanonical Ubuntu Linux+2 more
Timeline
PublishedMar 29
Latest updateJun 2

Description

A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5

CVSS vector

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

Affected Packages4 packages

CVEListV5linux/kernel< v5.17-rc3
NVDlinux/linux_kernel5.15.17+1
Debianlinux/linux_kernel< 5.10.103-1+3
Ubuntulinux/linux_kernel< 5.4.0-107.121

Also affects: Ubuntu Linux 16.04, 18.04, 20.04, 21.10, 22.04, Enterprise Linux 8.0, Fedora 35

Patches

Patch: git.kernel.orgPatch: kernel.dancePatch: syzkaller.appspot.com

🔴Vulnerability Details

7
OSV
linux-bluefield vulnerabilities2022-04-13
OSV
linux-azure-5.13, linux-oracle-5.13 vulnerabilities2022-04-06
OSV
linux, linux-aws, linux-azure, linux-gcp, linux-hwe-5.13, linux-hwe-5.4, linux-kvm, linux-oracle, linux-oracle-5.4 vulnerabilities2022-03-31
OSV
linux-aws-5.4, linux-aws-5.13, linux-azure, linux-azure-5.4, linux-azure-fde, linux-gcp, linux-gcp-5.13, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-ibm, linux-ibm-5.42022-03-31
GHSA
GHSA-wmc5-hv62-89g7: A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation2022-03-30

📋Vendor Advisories

8
Ubuntu
Kernel Live Patch Security Notice2022-06-02
Ubuntu
Linux kernel (BlueField) vulnerabilities2022-04-13
Ubuntu
Linux kernel vulnerabilities2022-04-06
Ubuntu
Linux kernel vulnerabilities2022-03-31
Ubuntu
Linux kernel vulnerabilities2022-03-31
CVE-2022-1055 — Use After Free in Linux Kernel | cvebase