CVE-2022-1011

7.8 HIGH

📋 TL;DR

A use-after-free vulnerability in the Linux kernel's FUSE filesystem allows a local attacker to trigger write() operations that can lead to unauthorized data access and privilege escalation. This affects Linux systems with FUSE filesystems mounted. Local users with access to mount or write to FUSE filesystems are at risk.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Kernel versions before 5.17.1
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires FUSE filesystem to be mounted. Many distributions enable FUSE by default or through common packages.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴 Worst Case: Local attacker gains root privileges, accesses sensitive data, and potentially installs persistent backdoors or malware.

🟠 Likely Case: Local user escalates privileges and gains unauthorized access to files and system resources.

🟢 If Mitigated: With proper access controls and unprivileged FUSE restrictions, impact is limited to data leakage within the user's existing permissions.

🌐 Internet-Facing: LOW - This is a local privilege escalation requiring local access to the system.
🏢 Internal Only: HIGH - Internal users with local shell access can exploit this to gain elevated privileges.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploit requires local access and knowledge of FUSE operations. Proof-of-concept code has been published in security advisories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel 5.17.1 and later

Vendor Advisory: https://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse.git/commit/?h=for-next

Restart Required: Yes

Instructions:

1. Update Linux kernel to version 5.17.1 or later.
2. For distributions: Apply vendor kernel updates.
3. Reboot system after kernel update.

🔧 Temporary Workarounds

Disable FUSE module

Prevent loading of FUSE kernel module to eliminate attack surface

echo 'install fuse /bin/false' >> /etc/modprobe.d/fuse.conf
rmmod fuse

Restrict FUSE mounting

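Limit FUSE mounting to privileged users only by disabling unprivileged user namespaces. The kernel.unprivileged_userns_clone sysctl exists only on kernels that carry the distribution patch for it (for example Debian and Ubuntu); on other kernels the commands below fail with an unknown-key error.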

sysctl -w kernel.unprivileged_userns_clone=0
echo 'kernel.unprivileged_userns_clone=0' >> /etc/sysctl.conf

🧯 If You Can't Patch

  • Implement strict access controls to limit local user access to systems
  • Monitor for privilege escalation attempts and unusual FUSE activity

🔍 How to Verify

Check if Vulnerable:

Check kernel version: uname -r. If version is earlier than 5.17.1 and FUSE is loaded, system is vulnerable.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is 5.17.1 or later: uname -r. Check that FUSE module is either not loaded or system has been patched.
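
The check described above, as an added example that is not part of the original advisory: it compares the base version of a kernel release string against 5.17.1 and looks for a registered FUSE filesystem. The function names, the verdict strings and the use of /proc/filesystems to detect FUSE are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the original advisory.
FIXED="5.17.1"   # fixed upstream version stated on this page

# Reduce a kernel release string to its numeric part:
# "5.15.0-91-generic" -> "5.15.0"
base_version() {
    printf '%s\n' "$1" | sed 's/^\([0-9][0-9.]*\).*/\1/'
}

# Succeeds when dotted version $1 is strictly lower than $2.
# Missing components count as 0, so "5.17" equals "5.17.0".
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# Succeeds when fuse or fuseblk is registered in the given
# /proc/filesystems-style file (true for module and built-in FUSE).
fuse_registered() {
    grep -Eq '(^|[[:space:]])fuse(blk)?$' "$1" 2>/dev/null
}

# Print one verdict for a release string and a filesystems file.
assess() {
    ver=$(base_version "$1")
    if ! version_lt "$ver" "$FIXED"; then
        echo "fixed-by-version"
    elif fuse_registered "$2"; then
        echo "potentially-vulnerable"
    else
        echo "fuse-not-registered"
    fi
}

# Heuristic only: distribution kernels can carry the fix as a backport
# under an older base version, so confirm against the vendor advisory.
assess "$(uname -r)" /proc/filesystems
```
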

📡 Detection & Monitoring

Log Indicators:

  • Kernel oops messages related to FUSE
  • Unexpected privilege escalation events
  • Failed FUSE operations in system logs

Network Indicators:

  • None - this is a local exploit

SIEM Query:

(source="kernel" AND ("FUSE" OR "use-after-free")) OR event_type="privilege_escalation"
