A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system.
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.
| Link | Tags |
|---|---|
| https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=722d94847de2 | patch mailing list |
| https://github.com/Crusaders-of-Rust/CVE-2022-0185 | third party advisory exploit |
| https://www.openwall.com/lists/oss-security/2022/01/18/7 | patch mailing list third party advisory |
| https://www.willsroot.io/2022/01/cve-2022-0185.html | third party advisory exploit |
| https://security.netapp.com/advisory/ntap-20220225-0003/ | third party advisory |