CVE-2022-0185
Basic Information
- CVE State: PUBLISHED
- Reserved Date: January 11, 2022
- Published Date: February 11, 2022
- Last Updated: August 22, 2024
- Vendor: n/a
- Product: kernel
- Description: A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the length of the supplied parameters. An unprivileged local user (if unprivileged user namespaces are enabled; otherwise namespaced CAP_SYS_ADMIN privilege is needed) able to open a filesystem that does not support the Filesystem Context API (and thus falls back to legacy handling) could use this flaw to escalate their privileges on the system.
CVSS Scores
CVSS v3.1
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
SSVC Information
- Exploitation: active
- Technical Impact: total
Known Exploited Vulnerability Information
Source | Added Date |
---|---|
CISA | 2024-08-21 00:00:00 UTC |
Potential Proof of Concepts
Warning: These PoCs have not been tested and could contain malware. Use at your own risk.
dcheng69/CVE-2022-0185-Case-Study
Type: github • Created: 2024-04-15 02:42:43 UTC • Stars: 3
featherL/CVE-2022-0185-exploit
Type: github • Created: 2022-04-14 10:46:04 UTC • Stars: 3
veritas501/CVE-2022-0185-PipeVersion
Type: github • Created: 2022-04-05 07:48:35 UTC • Stars: 16
chenaotian/CVE-2022-0185
Type: github • Created: 2022-02-18 09:27:34 UTC • Stars: 37
Crusaders-of-Rust/CVE-2022-0185
Type: github • Created: 2022-01-19 06:19:38 UTC • Stars: 369