CVE-2022-1055

Summary

A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5

Affected Software

VendorProductVersion RangeStatus
LinuxKernel0 < v5.17-rc3affected
LinuxKernel04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5unaffected

Weaknesses

  • CWE-416: CWE-416 Use After Free

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References