Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2022-1055

Опубликовано: 31 янв. 2022
Источник: redhat
CVSS3: 7.8
EPSS Низкий

Описание

A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5

A use-after-free vulnerability was found in the tc_new_tfilter function in net/sched/cls_api.c in the Linux kernel. The availability of local, unprivileged user namespaces allows privilege escalation.

Отчет

The vulnerability in the Linux kernel is shipped in Red Hat Enterprise Linux 8.

Меры по смягчению последствий

On non-containerized deployments of Red Hat Enterprise Linux 8, you can disable user namespaces by setting user.max_user_namespaces to 0:

echo "user.max_user_namespaces=0" > /etc/sysctl.d/userns.conf

sysctl -p /etc/sysctl.d/userns.conf

On containerized deployments, such as Red Hat OpenShift Container Platform, do not use this mitigation as the functionality is needed to be enabled.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernelNot affected
Red Hat Enterprise Linux 7kernel-rtNot affected
Red Hat Enterprise Linux 8kernel-rtFixedRHSA-2022:744408.11.2022
Red Hat Enterprise Linux 8kernelFixedRHSA-2022:768308.11.2022
Red Hat Enterprise Linux 8.6 Extended Update SupportkernelFixedRHSA-2024:118806.03.2024
Red Hat Enterprise Linux 9kernelFixedRHSA-2022:600309.08.2022
Red Hat Enterprise Linux 9kernel-rtFixedRHSA-2022:600209.08.2022
Red Hat Enterprise Linux 9kernelFixedRHSA-2022:600309.08.2022
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8kernelFixedRHSA-2024:118806.03.2024

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-416
https://bugzilla.redhat.com/show_bug.cgi?id=2070220kernel: use-after-free in tc_new_tfilter() in net/sched/cls_api.c

EPSS

Процентиль: 4%
0.00021
Низкий

7.8 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2022-1055

CVSS3: 7.8
ubuntu
около 3 лет назад

A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5

nvd логотип

CVE-2022-1055

CVSS3: 7.8
nvd
около 3 лет назад

A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5

msrc логотип

CVE-2022-1055

CVSS3: 7.8
msrc
около 3 лет назад

Описание отсутствует

debian логотип

CVE-2022-1055

CVSS3: 7.8
debian
около 3 лет назад

A use-after-free exists in the Linux Kernel in tc_new_tfilter that cou ...

github логотип

GHSA-wmc5-hv62-89g7

CVSS3: 7.8
github
около 3 лет назад

A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5

EPSS

Процентиль: 4%
0.00021
Низкий

7.8 High

CVSS3