Heap-based Buffer Overflow Vulnerability in Linux Kernel's Filesystem Context Functionality

Heap-based Buffer Overflow Vulnerability in Linux Kernel's Filesystem Context Functionality

CVE-2022-0185 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.