PT-2022-2045 · Linux+10 · Linux Kernel+10

Syzbot

·

Published

2022-01-31

·

Updated

2024-05-21

·

CVE-2022-1055

CVSS v4.0

8.6

High

VectorAV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
Name of the Vulnerable Software and Affected Versions Linux Kernel versions prior to the version containing commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5
Description A use-after-free exists in the Linux Kernel in the tc new tfilter function that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces.
Recommendations To resolve the issue, upgrade past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5. As a temporary workaround, consider restricting the use of unprivileged user namespaces until a patch is available.

Exploit

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2022:6002
ALSA-2022:6003
ALSA-2022:7444
ALSA-2022:7683
ALT-PU-2022-1647
ALT-PU-2022-1730
ALT-PU-2022-1768
ALT-PU-2022-2155
ALT-PU-2023-1684
ALT-PU-2023-1741
ALT-PU-2023-1814
ALT-PU-2023-4894
AZL-9218
BDU:2022-01644
CESA-2022_7444
CESA-2022_7683
CVE-2022-1055
LSN-0086-1
OESA-2022-1621
OPENSUSE-SU-2022_1163-1
OPENSUSE-SU-2022_1183-1
RHSA-2022:6002
RHSA-2022:6003
RHSA-2022:7444
RHSA-2022:7683
RHSA-2022_6002
RHSA-2022_6003
RHSA-2022_7444
RHSA-2022_7683
RHSA-2024:1188
RLSA-2022:7444
RLSA-2022:7683
SUSE-SU-2022:1163-1
SUSE-SU-2022:1183-1
SUSE-SU-2022:1197-1
SUSE-SU-2022:1257-1
SUSE-SU-2022:1326-1
SUSE-SU-2022:1369-1
SUSE-SU-2022:1407-1
SUSE-SU-2022:1453-1
USN-5358-1
USN-5358-2
USN-5368-1
USN-5377-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linux Kernel
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu