Lucene search

K
cvelistRedhatCVELIST:CVE-2022-0185
HistoryFeb 11, 2022 - 5:40 p.m.

CVE-2022-0185

2022-02-1117:40:57
CWE-190
redhat
www.cve.org
1

8.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.6%

A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system.

CNA Affected

[
  {
    "product": "kernel",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "8.4"
      }
    ]
  }
]