CVE-2022-0185

Advisory lineage Upstream: 0 Downstream: 35

Downstream

DEBIAN-CVE-2022-0185 DSA-5050-1 LSN-0084-1 MGASA-2022-0026 MGASA-2022-0027 OPENSUSE-SU-2022:0169-1

Analyzed

Published: 11 Feb 2022, 17:40

Last modified:21 Oct 2025, 23:15

Vulnerability Summary

Overall Risk (default)

medium

44/100

CVSS Score

8.4 HIGH

v3.1 (cve.org)

EPSS Score

1.8% LOW

2% probability +0.78%

KEV

Listed

CISA

1 listing

Ransomware

No reports

Public exploits

2 found

Dark Web

Not detected

Timeline

11 Feb 2022, 17:40

Published

Vulnerability first disclosed

21 Aug 2024, 00:00

Added to CISA KEV

Linux Kernel Heap-Based Buffer Overflow Vulnerability

11 Sept 2024, 00:00

CISA Remediation Due

Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.

21 Oct 2025, 23:15

Last Modified

Vulnerability information updated

Description

A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system.

CVSS Metrics

v3.1•HIGH•Score: 8.4CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
v2.0•HIGH•Score: 7.2AV:L/AC:L/Au:N/C:C/I:C/A:C

EPSS Trends

Current EPSS score: 1.80%• Percentile: 83%

Techniques & Countermeasures

CWE-191•Integer Underflow (Wrap or Wraparound)
The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.
CWE-190•Integer Overflow or Wraparound
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

Affected Systems

linux•linux_kernel
≥ 5.1, < 5.4.173 | ≥ 5.5, < 5.10.93 | ≥ 5.11, < 5.15.16 | ≥ 5.16, < 5.16.2
netapp•h300e
na
netapp•h300s_firmware
na
netapp•h410c_firmware
na
netapp•h410s_firmware
na
netapp•h500e
na
netapp•h500s_firmware
na
netapp•h700e
na
netapp•h700s_firmware
na