Login Sign Up

CVE-2022-1055

7.8 HIGH

📋 TL;DR

CVE-2022-1055 is a use-after-free vulnerability in the Linux kernel's tc_new_tfilter function that allows local attackers to escalate privileges. The exploit requires unprivileged user namespaces to be enabled. This affects Linux systems with vulnerable kernel versions.

💻 Affected Systems

Products:
  • Linux Kernel
Versions: Linux kernel versions before commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires unprivileged user namespaces to be enabled (default on many distributions). Systems with kernel.unprivileged_userns_clone=0 are less vulnerable.

📦 What is this software?

Enterprise Linux by Redhat

View all CVEs affecting Enterprise Linux →

Fedora by Fedoraproject

View all CVEs affecting Fedora →

H300e Firmware by Netapp

View all CVEs affecting H300e Firmware →

H300s Firmware by Netapp

View all CVEs affecting H300s Firmware →

H410c Firmware by Netapp

View all CVEs affecting H410c Firmware →

H410s Firmware by Netapp

View all CVEs affecting H410s Firmware →

H500e Firmware by Netapp

View all CVEs affecting H500e Firmware →

H500s Firmware by Netapp

View all CVEs affecting H500s Firmware →

H700e Firmware by Netapp

View all CVEs affecting H700e Firmware →

H700s Firmware by Netapp

View all CVEs affecting H700s Firmware →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Ubuntu Linux by Canonical

View all CVEs affecting Ubuntu Linux →

Ubuntu Linux by Canonical

View all CVEs affecting Ubuntu Linux →

Ubuntu Linux by Canonical

View all CVEs affecting Ubuntu Linux →

Ubuntu Linux by Canonical

View all CVEs affecting Ubuntu Linux →

Ubuntu Linux by Canonical

View all CVEs affecting Ubuntu Linux →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full root privilege escalation leading to complete system compromise, data theft, and persistent backdoor installation.

🟠

Likely Case

Local privilege escalation allowing attackers to gain root access on affected systems.

🟢

If Mitigated

Limited impact if unprivileged user namespaces are disabled or proper kernel hardening is in place.

🌐 Internet-Facing: LOW - This is a local privilege escalation vulnerability requiring local access.
🏢 Internal Only: HIGH - Internal attackers or compromised user accounts can exploit this to gain root privileges.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploit requires local access and unprivileged user namespaces. Proof-of-concept code is publicly available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel with commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5

Vendor Advisory: http://packetstormsecurity.com/files/167386/Kernel-Live-Patch-Security-Notice-LSN-0086-1.html

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5. 2. Apply kernel live patches if available from your distribution. 3. Reboot system to load patched kernel.

🔧 Temporary Workarounds

Disable unprivileged user namespaces

linux

Prevents exploitation by disabling the required unprivileged user namespaces feature

sysctl -w kernel.unprivileged_userns_clone=0

🧯 If You Can't Patch

  • Disable unprivileged user namespaces using sysctl kernel.unprivileged_userns_clone=0
  • Implement strict access controls and monitor for privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Check kernel version and verify if commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5 is present: git log --oneline | grep 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version contains the fix commit: uname -r and check with distribution's security advisory

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs, unexpected privilege escalation in audit logs, suspicious tc filter operations

Network Indicators:

  • None - this is a local exploit

SIEM Query:

Search for kernel panic events or privilege escalation patterns in system logs

📊 Metadata

CVE ID: CVE-2022-1055
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-416
Published: March 29, 2022
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-1055, you might also want to check these:

CVE-2025-24085 10.0

This CVE describes a use-after-free vulnerability (CWE-416) in Apple operating systems that allows m...

Same vulnerability type (CWE-416)
CVE-2024-43102 10.0

This CVE describes a use-after-free vulnerability in FreeBSD's umtx (user mutex) subsystem where con...

Same vulnerability type (CWE-416)
CVE-2021-33796 10.0

CVE-2021-33796 is a use-after-free vulnerability in MuJS's regexp source property access that can le...

Same vulnerability type (CWE-416)