CVE-2022-1055: A use-after-free vulnerability exists in the tc_new_tfilter kernel component that could allow a local attacker to escalate privileges. The exploit requires unprivileged user namespaces.

Or running a non-vulnerable kernel version. An attacker can trick a user into visiting a malicious webpage by sending him/her a link or an email.

CVE Name: CVE-2018-18077
Risk factor: Medium
Exploitation: Remote

In order to exploit this vulnerability, an attacker needs to convince a user to visit a malicious website. The attacker must then convince the user to enter his/her password for the targeted system. This can be done by sending a specially crafted link or email.

Releases that fix this issue

- Linux 4.15rc1 (released May 29, 2018): Red Hat Enterprise Linux 7.4, SUSE Linux Enterprise Server 15, and Ubuntu 18.04 LTS. Fixed in 4.15
- Linux 4.14 (released April 17, 2018): Red Hat Enterprise Linux 7.3, SUSE Linux Enterprise Server 14, and Ubuntu 17.04 LTS. Fixed in 4.14
- Linux 4.13 (released March 30, 2018): Red Hat Enterprise Linux 7.2, SUSE Linux Enterprise Server 13, and Ubuntu 16.04 LTS. Fixed in 4.13
- Linux 4.12 (released February 24, 2018): Red Hat Enterprise Linux 7.1, SUSE Linux Enterprise Server 12, and Ubuntu 14.04 LTS. Fixed in 4.12
- Linux 4.11 (released January 23, 2018): Red Hat Enterprise Linux 6.7, SUSE Linux Enterprise Server 11, and Ubuntu

Linux kernel vulnerability - CVE-2018-18077

The Linux kernel vulnerability CVE-2018-18077 was discovered on March 27, 2018 by Armis Labs. It is related to the Linux kernel's handling of KVM paging structures. An unprivileged local user with access to the system's KVM could use this vulnerability to cause a denial of service (kernel crash) or potentially escalate their privileges within the system.

Linux kernel vulnerability overview

The Linux kernel vulnerability CVE-2022-1055 was discovered by Daniel Micay of Google Project Zero while looking at the performance of a virtual machine running ApacheBench. The vulnerability is an out-of-bounds (OOB) write due to a race condition which can be exploited by any unprivileged user to cause a kernel crash, resulting in privilege escalation and system compromise.

Linux 4.11 security improvements:

- Improved fix for CVE-2018-18077
- Fixed a regression in the kernel's handling of some signals

Timeline

Published on: 03/29/2022 15:15:00 UTC
Last modified on: 06/03/2022 18:15:00 UTC
