CVE-2022-1055

Public on 2022-03-29

Modified on 2023-01-18

Description

A use-after-free vulnerability was found in the tc_new_tfilter function in net/sched/cls_api.c in the Linux kernel. The availability of local, unprivileged user namespaces allows privilege escalation.

Severity

Medium

See what this means

CVSS v3 Base Score

6.3

See breakdown

Affected Packages

Platform	Package	Release Date	Advisory
Amazon Linux 2 - Kernel-5.10 Extra	kernel	2022-03-07 23:46	ALAS2KERNEL-5.10-2022-011
Amazon Linux 2 - Kernel-5.4 Extra	kernel	2022-04-04 23:40	ALAS2KERNEL-5.4-2022-024
Amazon Linux 2023	kernel	2023-02-17 20:46	ALAS2023-2023-070

CVSS Scores

	Score Type	Score	Vector
Amazon Linux	CVSSv3	6.3	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
NVD	CVSSv2	4.6	AV:L/AC:L/Au:N/C:P/I:P/A:P
NVD	CVSSv3	7.8	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

Red Hat: CVE-2022-1055 Mitre: CVE-2022-1055 FAQs regarding Amazon Linux ALAS/CVE Severity