CVE-2022-0185

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-0185

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-0185.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-0185

Aliases

A-213172369
PUB-A-213172369

Downstream

DEBIAN-CVE-2022-0185

DSA-5050-1

RHSA-2022:0176

RHSA-2022:0186

RHSA-2022:0187

RHSA-2022:0188

RHSA-2022:0231

RHSA-2022:0232

RHSA-2022:0540

SUSE-SU-2022:0169-1

SUSE-SU-2022:0197-1

SUSE-SU-2022:0198-1

SUSE-SU-2022:0238-1

SUSE-SU-2022:0239-1

SUSE-SU-2022:0241-1

SUSE-SU-2022:0254-1

SUSE-SU-2022:0257-1

SUSE-SU-2022:0262-1

SUSE-SU-2022:0270-1

SUSE-SU-2022:0288-1

SUSE-SU-2022:0289-1

SUSE-SU-2022:0291-1

SUSE-SU-2022:0292-1

SUSE-SU-2022:0293-1

SUSE-SU-2022:0295-1

UBUNTU-CVE-2022-0185

LSN-0084-1

USN-5240-1

USN-5362-1

openSUSE-SU-2022:0169-1

openSUSE-SU-2022:0198-1

openSUSE-SU-2024:11775-1

openSUSE-SU-2024:13704-1

Related

Published

2022-02-11T18:15:10Z

Modified

2025-08-09T20:01:26Z

Severity

8.4 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A heap-based buffer overflow flaw was found in the way the legacyparseparam function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAPSYSADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system.

References

Affected packages