Vulnerability — CVE-2022-0185

CVE-2022-0185

Reference to the description:: https://nvd.nist.gov/vuln/detail/CVE-2022-0185
Description:: A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system.
Last updated date:: 09/04/2024

ACTIVELY EXPLOITED

Type:: exploitation
Confidence:: HIGH
Date of publishing:: 08/21/2024
Reference url to background: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Type:: exploit
Confidence:: HIGH
Date of publishing:: 01/19/2022
Reference url to background: https://github.com/Crusaders-of-Rust/CVE-2022-0185

Type:: exploit
Confidence:: HIGH
Date of publishing:: 01/26/2022
Reference url to background: https://github.com/discordianfish/cve-2022-0185-crash-poc

Type:: exploit
Confidence:: HIGH
Date of publishing:: 02/22/2022
Reference url to background: https://github.com/Crusaders-of-Rust/CVE-2022-0185

Type:: exploit
Confidence:: HIGH
Date of publishing:: 02/22/2022
Reference url to background: https://www.willsroot.io/2022/01/cve-2022-0185.html

Type:: exploit
Confidence:: HIGH
Date of publishing:: 04/05/2022
Reference url to background: https://github.com/veritas501/CVE-2022-0185-PipeVersion

Type:: exploit
Confidence:: HIGH
Date of publishing:: 04/14/2022
Reference url to background: https://github.com/featherL/CVE-2022-0185-exploit

Type:: exploit
Confidence:: HIGH
Date of publishing:: 04/15/2024
Reference url to background: https://github.com/dcheng69/CVE-2022-0185-Case-Study