CVE-2022-0185
See a problem?- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-0185
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-0185.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-0185
- Aliases
-
- A-213172369
- PUB-A-213172369
- Related
- Published
- 2022-02-11T18:15:10Z
- Modified
- 2024-09-18T03:18:57.284952Z
- Severity
-
- 8.4 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A heap-based buffer overflow flaw was found in the way the legacyparseparam function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAPSYSADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system.
- References
-
- https://security.netapp.com/advisory/ntap-20220225-0003/
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=722d94847de2
- https://www.openwall.com/lists/oss-security/2022/01/18/7
- https://github.com/Crusaders-of-Rust/CVE-2022-0185
- https://www.willsroot.io/2022/01/cve-2022-0185.html
- https://security-tracker.debian.org/tracker/CVE-2022-0185
Affected packages
Debian:11 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:12 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source