CVE-2022-1055

A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.17:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.17:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.17:rc2:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:21.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*

History

19 Oct 2022, 17:40

Type Values Removed Values Added
References (MISC) http://packetstormsecurity.com/files/167386/Kernel-Live-Patch-Security-Notice-LSN-0086-1.html - (MISC) http://packetstormsecurity.com/files/167386/Kernel-Live-Patch-Security-Notice-LSN-0086-1.html - Third Party Advisory, VDB Entry
CPE cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*

03 Jun 2022, 18:15

Type Values Removed Values Added
References
  • (MISC) http://packetstormsecurity.com/files/167386/Kernel-Live-Patch-Security-Notice-LSN-0086-1.html -

12 May 2022, 20:06

Type Values Removed Values Added
References (CONFIRM) https://security.netapp.com/advisory/ntap-20220506-0007/ - (CONFIRM) https://security.netapp.com/advisory/ntap-20220506-0007/ - Third Party Advisory
CPE cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*
First Time Netapp h700e
Netapp h300e
Netapp h700e Firmware
Netapp h300e Firmware
Netapp h410s Firmware
Netapp h300s Firmware
Netapp h410c
Netapp h700s Firmware
Netapp
Netapp h500s
Netapp h500s Firmware
Netapp h410s
Netapp h500e
Netapp h300s
Netapp h500e Firmware
Netapp h410c Firmware
Netapp h700s

06 May 2022, 14:15

Type Values Removed Values Added
References
  • (CONFIRM) https://security.netapp.com/advisory/ntap-20220506-0007/ -

06 Apr 2022, 20:42

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : 4.6
v3 : 7.8
References (CONFIRM) https://kernel.dance/#04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5 - (CONFIRM) https://kernel.dance/#04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5 - Exploit, Patch, Third Party Advisory
References (CONFIRM) https://syzkaller.appspot.com/bug?id=2212474c958978ab86525fe6832ac8102c309ffc - (CONFIRM) https://syzkaller.appspot.com/bug?id=2212474c958978ab86525fe6832ac8102c309ffc - Exploit, Patch, Third Party Advisory
References (CONFIRM) https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5 - (CONFIRM) https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5 - Patch, Vendor Advisory
CPE cpe:2.3:o:linux:linux_kernel:5.17:-:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:21.10:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.17:rc2:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:linux:linux_kernel:5.17:rc1:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
CWE CWE-416
First Time Fedoraproject
Canonical ubuntu Linux
Linux linux Kernel
Fedoraproject fedora
Redhat enterprise Linux
Linux
Canonical
Redhat

29 Mar 2022, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-03-29 15:15

Updated : 2024-05-21 04:15


NVD link : CVE-2022-1055

Mitre link : CVE-2022-1055

CVE.ORG link : CVE-2022-1055


JSON object : View

Products Affected

netapp

  • h700e
  • h500s
  • h410c
  • h300e
  • h300s
  • h700s_firmware
  • h700s
  • h410s_firmware
  • h500e_firmware
  • h700e_firmware
  • h410s
  • h300s_firmware
  • h500s_firmware
  • h500e
  • h300e_firmware
  • h410c_firmware

canonical

  • ubuntu_linux

linux

  • linux_kernel

redhat

  • enterprise_linux

fedoraproject

  • fedora
CWE
CWE-416

Use After Free