CVE-2022-0185

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-0185
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-0185.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-0185
Aliases
Downstream
Related
Published
2022-02-11T18:15:10Z
Modified
2025-08-09T20:01:26Z
Severity
  • 8.4 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A heap-based buffer overflow flaw was found in the way the legacyparseparam function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAPSYSADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system.

References

Affected packages