Lucene search

[email protected]NVD:CVE-2022-1055

HistoryMar 29, 2022 - 3:15 p.m.

CVE-2022-1055

2022-03-2915:15:08

CWE-416

[email protected]

web.nvd.nist.gov

linux kernel

use-after-free

privilege escalation

local attacker

user namespaces

cve-2022-1055

vulnerability

privilege escalation

upgrade

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

5.1%

JSON

A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5

Affected configurations

Nvd

Node

linuxlinux_kernelRange5.1–5.17

linuxlinux_kernelMatch5.17-

linuxlinux_kernelMatch5.17rc1

linuxlinux_kernelMatch5.17rc2

Node

redhatenterprise_linuxMatch8.0

Node

fedoraprojectfedoraMatch35

Node

canonicalubuntu_linuxMatch16.04esm

canonicalubuntu_linuxMatch18.04lts

canonicalubuntu_linuxMatch20.04lts

canonicalubuntu_linuxMatch21.10

canonicalubuntu_linuxMatch22.04lts

Node

netapph300s_firmwareMatch-

AND

netapph300sMatch-

Node

netapph500s_firmwareMatch-

AND

netapph500sMatch-

Node

netapph700sMatch-

AND

netapph700s_firmwareMatch-

Node

netapph300eMatch-

AND

netapph300e_firmwareMatch-

Node

netapph500eMatch-

AND

netapph500e_firmwareMatch-

Node

netapph700eMatch-

AND

netapph700e_firmwareMatch-

Node

netapph410sMatch-

AND

netapph410s_firmwareMatch-

Node

netapph410cMatch-

AND

netapph410c_firmwareMatch-

VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linuxlinux_kernel5.17cpe:2.3:o:linux:linux_kernel:5.17:-:*:*:*:*:*:*
linuxlinux_kernel5.17cpe:2.3:o:linux:linux_kernel:5.17:rc1:*:*:*:*:*:*
linuxlinux_kernel5.17cpe:2.3:o:linux:linux_kernel:5.17:rc2:*:*:*:*:*:*
redhatenterprise_linux8.0cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
fedoraprojectfedora35cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
canonicalubuntu_linux16.04cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
canonicalubuntu_linux18.04cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
canonicalubuntu_linux20.04cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
canonicalubuntu_linux21.10cpe:2.3:o:canonical:ubuntu_linux:21.10:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
linux	linux_kernel	*	cpe:2.3:o:linux:linux_kernel::::::::
linux	linux_kernel	5.17	cpe:2.3:o:linux:linux_kernel:5.17:-::::::
linux	linux_kernel	5.17	cpe:2.3:o:linux:linux_kernel:5.17:rc1::::::
linux	linux_kernel	5.17	cpe:2.3:o:linux:linux_kernel:5.17:rc2::::::
redhat	enterprise_linux	8.0	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
fedoraproject	fedora	35	cpe:2.3:o:fedoraproject:fedora:35:::::::*
canonical	ubuntu_linux	16.04	cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::
canonical	ubuntu_linux	18.04	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
canonical	ubuntu_linux	20.04	cpe:2.3:o:canonical:ubuntu_linux:20.04::::lts:::
canonical	ubuntu_linux	21.10	cpe:2.3:o:canonical:ubuntu_linux:21.10:::::::*