CVE-2022-0185
In short
A flaw in the Linux kernel's filesystem parameter handling allows a local user to overflow a heap buffer and gain unauthorized system privileges. It occurs when filesystem mount options are processed by the legacy parameter-parsing path, which does not properly check the length of the supplied input.
Technical detail
A heap-based buffer overflow exists in the legacy_parse_param function because the length of supplied parameters is not sufficiently validated. An unprivileged local attacker (or one holding CAP_SYS_ADMIN inside a user namespace) can trigger it by opening a filesystem that lacks Filesystem Context API support, which falls back to the legacy parser, leading to privilege escalation.
Summary generated and translated by AI from the official description.
A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters' length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus falls back to legacy handling) could use this flaw to escalate their privileges on the system.
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
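As an added exposure check (not part of this record or of the Linux kernel project): the description above makes the flaw reachable by an unprivileged user only when unprivileged user namespaces are enabled, so the first thing a defender wants to know is whether that precondition holds on a given host. The POSIX shell script below reads the two sysctl knobs that govern this on common distributions and reports the result. It assumes the Debian/Ubuntu-specific kernel.unprivileged_userns_clone knob (absent on other kernels) and the upstream user.max_user_namespaces limit; the knob names and the "open"/"restricted" labels are this example's own. A "restricted" result does not mean the kernel carries the fix, and a process that already holds CAP_SYS_ADMIN in a user namespace (for instance inside a container) can still reach the legacy parser, as the description notes; whether the running kernel is patched must be checked against the distribution advisory or the upstream commit linked in the references.

```shell
#!/bin/sh
# Added example, not from this record or from the Linux kernel project.
# Reports whether the CVE-2022-0185 precondition "unprivileged user namespaces
# enabled" holds on this host. Knob names are assumptions about the running
# distribution: kernel.unprivileged_userns_clone exists only on Debian/Ubuntu
# style kernels; user.max_user_namespaces is the upstream limit (0 disables
# creation of user namespaces for everyone).

read_sysctl() {
    # Print the value of a sysctl knob via /proc/sys, or "absent" if the
    # running kernel does not expose it.
    path="/proc/sys/$(printf '%s' "$1" | tr '.' '/')"
    if [ -r "$path" ]; then
        cat "$path"
    else
        echo absent
    fi
}

userns_precondition() {
    # $1: kernel.unprivileged_userns_clone value (0, 1 or "absent")
    # $2: user.max_user_namespaces value (number or "absent")
    # Prints "open" when an unprivileged local user can create a user
    # namespace and so obtain namespaced CAP_SYS_ADMIN for the mount path,
    # "restricted" when either knob blocks that.
    clone="$1"
    max="$2"
    if [ "$clone" = "0" ]; then
        echo restricted
        return 0
    fi
    if [ "$max" = "0" ]; then
        echo restricted
        return 0
    fi
    echo open
}

report() {
    # Gather the live values and print one line a defender can grep for.
    clone=$(read_sysctl kernel.unprivileged_userns_clone)
    max=$(read_sysctl user.max_user_namespaces)
    printf 'kernel %s: unprivileged user namespaces %s (unprivileged_userns_clone=%s, max_user_namespaces=%s)\n' \
        "$(uname -r)" "$(userns_precondition "$clone" "$max")" "$clone" "$max"
}

report
```

Run it as any user on the host under review; the live values are taken from /proc/sys so no root is needed. The decision logic is kept in userns_precondition, separate from the file reads, so it can be fed values collected from a fleet inventory instead of the local machine.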
Affected products
n/a · kernel
Public PoCs found: 10
github.com/Crusaders-of-Rust/CVE-2022-0185 (★ 375)
github.com/chenaotian/CVE-2022-0185 (★ 37)
github.com/veritas501/CVE-2022-0185-PipeVersion (★ 16)
github.com/discordianfish/cve-2022-0185-crash-poc (★ 5)
github.com/featherL/CVE-2022-0185-exploit (★ 3)
github.com/dcheng69/CVE-2022-0185-Case-Study (★ 3)
github.com/shakyanayann/CVE-2022-0185 (★ 0)
github.com/sandesh9978/CVE-2022-0185-Analysis-and-Exploit (★ 0)
github.com/prabeershakya/CVE-2022-0185-POC (★ 0)
github.com/khaclep007/CVE-2022-0185 (★ 0)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
https://github.com/Crusaders-of-Rust/CVE-2022-0185
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=722d94847de2
https://security.netapp.com/advisory/ntap-20220225-0003/
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-0185
https://www.openwall.com/lists/oss-security/2022/01/18/7
https://www.willsroot.io/2022/01/cve-2022-0185.html