← Retour aux CVEs
CVE-2022-0185
HIGHCISA KEV8.4
Description
A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system.
Details CVE
Score CVSS v3.18.4
SeveriteHIGH
Vecteur CVSSCVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vecteur d'attaqueLOCAL
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie2/11/2022
Derniere modification11/6/2025
Sourcekev
Observations honeypot0
CISA KEV
FournisseurLinux
ProduitKernel
Nom vulnerabiliteLinux Kernel Heap-Based Buffer Overflow Vulnerability
Date ajout KEV2024-08-21
Date limite remediation2024-09-11
Utilise dans ransomwareUnknown
Produits affectes
linux:linux_kernelnetapp:h300enetapp:h300e_firmwarenetapp:h300snetapp:h300s_firmwarenetapp:h410cnetapp:h410c_firmwarenetapp:h410snetapp:h410s_firmwarenetapp:h500enetapp:h500e_firmwarenetapp:h500snetapp:h500s_firmwarenetapp:h700enetapp:h700e_firmwarenetapp:h700snetapp:h700s_firmware
Faiblesses (CWE)
CWE-190CWE-191
References
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=722d94847de2(secalert@redhat.com)
https://github.com/Crusaders-of-Rust/CVE-2022-0185(secalert@redhat.com)
https://security.netapp.com/advisory/ntap-20220225-0003/(secalert@redhat.com)
https://www.openwall.com/lists/oss-security/2022/01/18/7(secalert@redhat.com)
https://www.willsroot.io/2022/01/cve-2022-0185.html(secalert@redhat.com)
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=722d94847de2(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/Crusaders-of-Rust/CVE-2022-0185(af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20220225-0003/(af854a3a-2127-422b-91ae-364da2661108)
https://www.openwall.com/lists/oss-security/2022/01/18/7(af854a3a-2127-422b-91ae-364da2661108)
https://www.willsroot.io/2022/01/cve-2022-0185.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-0185(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.