CVE-2022-1055 HIGH

CVE-2022-1055: Use after Free in tc_new_tfilter allowing for privilege escalation in Linux Kernel

Vendor Linux
Product Kernel
Weakness CWE-416
Published March 29, 2022
Last update August 2, 2024

CVSS base score

8.6/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

What the vulnerability does

01 Description

A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to escalate privileges. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5.

Key dates

02 Disclosure timeline

March 29, 2022 CVE published
August 2, 2024 Record updated