← Voltar para CVEs
CVE-2022-0185
HIGHCISA KEV8.4
Descricao
A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system.
Detalhes CVE
Pontuacao CVSS v3.18.4
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueLOCAL
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado2/11/2022
Ultima modificacao11/6/2025
Fontekev
Avistamentos honeypot0
CISA KEV
FornecedorLinux
ProdutoKernel
Nome da vulnerabilidadeLinux Kernel Heap-Based Buffer Overflow Vulnerability
Data inclusao KEV2024-08-21
Prazo de remediacao2024-09-11
Uso em ransomwareUnknown
Produtos afetados
linux:linux_kernelnetapp:h300enetapp:h300e_firmwarenetapp:h300snetapp:h300s_firmwarenetapp:h410cnetapp:h410c_firmwarenetapp:h410snetapp:h410s_firmwarenetapp:h500enetapp:h500e_firmwarenetapp:h500snetapp:h500s_firmwarenetapp:h700enetapp:h700e_firmwarenetapp:h700snetapp:h700s_firmware
Fraquezas (CWE)
CWE-190CWE-191
Referencias
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=722d94847de2(secalert@redhat.com)
https://github.com/Crusaders-of-Rust/CVE-2022-0185(secalert@redhat.com)
https://security.netapp.com/advisory/ntap-20220225-0003/(secalert@redhat.com)
https://www.openwall.com/lists/oss-security/2022/01/18/7(secalert@redhat.com)
https://www.willsroot.io/2022/01/cve-2022-0185.html(secalert@redhat.com)
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=722d94847de2(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/Crusaders-of-Rust/CVE-2022-0185(af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20220225-0003/(af854a3a-2127-422b-91ae-364da2661108)
https://www.openwall.com/lists/oss-security/2022/01/18/7(af854a3a-2127-422b-91ae-364da2661108)
https://www.willsroot.io/2022/01/cve-2022-0185.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-0185(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.