A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/167386/Kernel-Live-Patch-Security-Notice-LSN-0086-1.html | Third Party Advisory VDB Entry |
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5 | Patch Vendor Advisory |
https://kernel.dance/#04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5 | Exploit Patch Third Party Advisory |
https://security.netapp.com/advisory/ntap-20220506-0007/ | Third Party Advisory |
https://syzkaller.appspot.com/bug?id=2212474c958978ab86525fe6832ac8102c309ffc | Exploit Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
Configuration 10 (hide)
AND |
|
Configuration 11 (hide)
AND |
|
Configuration 12 (hide)
AND |
|
History
19 Oct 2022, 17:40
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) http://packetstormsecurity.com/files/167386/Kernel-Live-Patch-Security-Notice-LSN-0086-1.html - Third Party Advisory, VDB Entry | |
CPE | cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:* cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:* |
03 Jun 2022, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
12 May 2022, 20:06
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:* |
|
First Time |
Netapp h700e
Netapp h300e Netapp h700e Firmware Netapp h300e Firmware Netapp h410s Firmware Netapp h300s Firmware Netapp h410c Netapp h700s Firmware Netapp Netapp h500s Netapp h500s Firmware Netapp h410s Netapp h500e Netapp h300s Netapp h500e Firmware Netapp h410c Firmware Netapp h700s |
|
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20220506-0007/ - Third Party Advisory |
06 May 2022, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
06 Apr 2022, 20:42
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 4.6
v3 : 7.8 |
First Time |
Fedoraproject
Canonical ubuntu Linux Linux linux Kernel Fedoraproject fedora Redhat enterprise Linux Linux Canonical Redhat |
|
References | (CONFIRM) https://kernel.dance/#04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5 - Exploit, Patch, Third Party Advisory | |
References | (CONFIRM) https://syzkaller.appspot.com/bug?id=2212474c958978ab86525fe6832ac8102c309ffc - Exploit, Patch, Third Party Advisory | |
References | (CONFIRM) https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5 - Patch, Vendor Advisory | |
CPE | cpe:2.3:o:linux:linux_kernel:5.17:-:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:21.10:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:5.17:rc2:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* cpe:2.3:o:linux:linux_kernel:5.17:rc1:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:* |
|
CWE | CWE-416 |
29 Mar 2022, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-03-29 15:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-1055
Mitre link : CVE-2022-1055
CVE.ORG link : CVE-2022-1055
JSON object : View
Products Affected
netapp
- h410c
- h410s
- h300e
- h300s
- h500s
- h700s
- h700s_firmware
- h700e
- h410s_firmware
- h700e_firmware
- h500e_firmware
- h500e
- h500s_firmware
- h300e_firmware
- h410c_firmware
- h300s_firmware
canonical
- ubuntu_linux
fedoraproject
- fedora
linux
- linux_kernel
redhat
- enterprise_linux
CWE
CWE-416
Use After Free