CVE-2022-0185

Warning

Exploit

EPSS 1.04%
Published 11.02.2022 18:15:10
Last modified 03.04.2025 16:08:21
Source secalert@redhat.com
Teams watchlist Login
Open Login

A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system.

Affected products Warnungen 1 Metrics 4 CWE 2 References 8

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 5.1 < 5.4.173

Linux ≫ Linux Kernel Version >= 5.5 < 5.10.93

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.16

Linux ≫ Linux Kernel Version >= 5.16 < 5.16.2

Netapp ≫ H410c Firmware Version-

Netapp ≫ H410c Version-

Netapp ≫ H300s Firmware Version-

Netapp ≫ H300s Version-

Netapp ≫ H500s Firmware Version-

Netapp ≫ H500s Version-

Netapp ≫ H700s Firmware Version-

Netapp ≫ H700s Version-

Netapp ≫ H300e Firmware Version-

Netapp ≫ H300e Version-

Netapp ≫ H500e Firmware Version-

Netapp ≫ H500e Version-

Netapp ≫ H700e Firmware Version-

Netapp ≫ H700e Version-

Netapp ≫ H410s Firmware Version-

Netapp ≫ H410s Version-

21.08.2024: CISA Known Exploited Vulnerabilities (KEV) Catalog

Linux Kernel Heap-Based Buffer Overflow Vulnerability

Vulnerability

Linux kernel contains a heap-based buffer overflow vulnerability in the legacy_parse_param function in the Filesystem Context functionality. This allows an attacker to open a filesystem that does not support the Filesystem Context API and ultimately escalate privileges.

Description

Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.

Required actions

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.04%	0.767

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.4	2.5	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.4	2.5	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

CWE-191 Integer Underflow (Wrap or Wraparound)

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=722d94847de2

Patch

Mailing List

https://github.com/Crusaders-of-Rust/CVE-2022-0185

Third Party Advisory

Exploit

https://security.netapp.com/advisory/ntap-20220225-0003/

Third Party Advisory

https://www.openwall.com/lists/oss-security/2022/01/18/7

Patch

Third Party Advisory

Mailing List