Lucene search

K
ubuntucveUbuntu.comUB:CVE-2022-0185
HistoryJan 18, 2022 - 12:00 a.m.

CVE-2022-0185

2022-01-1800:00:00
ubuntu.com
ubuntu.com
55

8.4 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

25.6%

A heap-based buffer overflow flaw was found in the way the
legacy_parse_param function in the Filesystem Context functionality of the
Linux kernel verified the supplied parameters length. An unprivileged (in
case of unprivileged user namespaces enabled, otherwise needs namespaced
CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not
support the Filesystem Context API (and thus fallbacks to legacy handling)
could use this flaw to escalate their privileges on the system.

Notes

Author Note
alexmurray Requires CAP_SYS_ADMIN however this can be done within a new user namespace - so can be mitigated by disabling unprivileged user namespaces.
OSVersionArchitecturePackageVersionFilename
ubuntu20.04noarchlinux< 5.4.0-96.109UNKNOWN
ubuntu21.04noarchlinux< 5.11.0-49.55UNKNOWN
ubuntu21.10noarchlinux< 5.13.0-27.29UNKNOWN
ubuntu20.04noarchlinux-aws< 5.4.0-1063.66UNKNOWN
ubuntu21.04noarchlinux-aws< 5.11.0-1027.30UNKNOWN
ubuntu21.10noarchlinux-aws< 5.13.0-1011.12UNKNOWN
ubuntu20.04noarchlinux-aws-5.11< 5.11.0-1027.30~20.04.1UNKNOWN
ubuntu20.04noarchlinux-aws-5.13< 5.13.0-1011.12~20.04.1UNKNOWN
ubuntu18.04noarchlinux-aws-5.4< 5.4.0-1063.66~18.04.1UNKNOWN
ubuntu20.04noarchlinux-azure< 5.4.0-1067.70UNKNOWN
Rows per page:
1-10 of 551

8.4 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

25.6%