CVE-2022-0185
8.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | kernel | 8.4 | affected |
Weaknesses
- CWE-190: Integer Overflow or Wraparound CWE-190
ADP Enrichment
CVE Program Container
Additional References
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=722d94847de2
- https://github.com/Crusaders-of-Rust/CVE-2022-0185
- https://www.openwall.com/lists/oss-security/2022/01/18/7
- https://www.willsroot.io/2022/01/cve-2022-0185.html
- https://security.netapp.com/advisory/ntap-20220225-0003/
CISA ADP Vulnrichment
- SSVC:
- Exploitation: active
- Automatable: no
- Technical Impact: total
Additional References
References
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=722d94847de2
- https://github.com/Crusaders-of-Rust/CVE-2022-0185
- https://www.openwall.com/lists/oss-security/2022/01/18/7
- https://www.willsroot.io/2022/01/cve-2022-0185.html
- https://security.netapp.com/advisory/ntap-20220225-0003/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.