CVE-2022-0185
HIGH | CISA KEV | 8.4
Description
A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the length of supplied parameters. An unprivileged local user (if unprivileged user namespaces are enabled; otherwise the namespaced CAP_SYS_ADMIN privilege is needed) able to open a filesystem that does not support the Filesystem Context API (and thus falls back to legacy handling) could use this flaw to escalate their privileges on the system.
CVE details
CVSS v3.1 score: 8.4
Severity: HIGH
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack vector: LOCAL
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 2/11/2022
Last modified: 11/6/2025
Source: kev
Honeypot sightings: 0
CISA KEV
Vendor: Linux
Product: Kernel
Vulnerability name: Linux Kernel Heap-Based Buffer Overflow Vulnerability
Date added to KEV: 2024-08-21
Remediation due date: 2024-09-11
Ransomware use: Unknown
Affected products
linux:linux_kernel
netapp:h300e
netapp:h300e_firmware
netapp:h300s
netapp:h300s_firmware
netapp:h410c
netapp:h410c_firmware
netapp:h410s
netapp:h410s_firmware
netapp:h500e
netapp:h500e_firmware
netapp:h500s
netapp:h500s_firmware
netapp:h700e
netapp:h700e_firmware
netapp:h700s
netapp:h700s_firmware
Weaknesses (CWE)
CWE-190, CWE-191
References
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=722d94847de2 (secalert@redhat.com)
https://github.com/Crusaders-of-Rust/CVE-2022-0185 (secalert@redhat.com)
https://security.netapp.com/advisory/ntap-20220225-0003/ (secalert@redhat.com)
https://www.openwall.com/lists/oss-security/2022/01/18/7 (secalert@redhat.com)
https://www.willsroot.io/2022/01/cve-2022-0185.html (secalert@redhat.com)
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=722d94847de2 (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/Crusaders-of-Rust/CVE-2022-0185 (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20220225-0003/ (af854a3a-2127-422b-91ae-364da2661108)
https://www.openwall.com/lists/oss-security/2022/01/18/7 (af854a3a-2127-422b-91ae-364da2661108)
https://www.willsroot.io/2022/01/cve-2022-0185.html (af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-0185 (134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.