CVE-2022-1055: 
Linux Kernel vulnerability analysis and mitigation

A use-after-free vulnerability (CVE-2022-1055) was discovered in the Linux Kernel's tc_new_tfilter function in net/sched/cls_api.c. The vulnerability was disclosed on March 29, 2022, affecting Linux Kernel versions 5.1 through 5.17:rc2. The vulnerability requires unprivileged user namespaces to be exploited (NVD, Debian).

The vulnerability exists in the tc_new_tfilter function where local variables 'q' and 'chain' were not properly cleared when jumping back to the replay label, leading to a use-after-free condition. The issue received a CVSS v3.1 base score of 7.8 (HIGH) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerability was fixed in commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5 (Kernel Commit).

Successful exploitation of this vulnerability could allow a local attacker to gain privilege escalation, potentially leading to disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS) (NetApp Advisory).

The primary mitigation is to upgrade to a kernel version containing the fix (commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5). For systems that cannot be immediately upgraded, disabling unprivileged user namespaces can help prevent exploitation (Kernel Commit).