VDB
DEBIAN-CVE-2022-0185
DEBIAN-CVE-2022-0185
PUBLISHED
CVSS 8.399999618530273 HIGH
A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system.
Risk Scores
CVSS v3.1
8.399999618530273
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:12 | linux | 0, 0, 0 |
| Debian:13 | linux | 0, 0, 0 |
| Debian:11 | linux | 5.10.92-1~bpo10+1, 5.10.70-1, 5.10.70-1~bpo10+1 |
| Debian:14 | linux | 0, 0, 0 |
Timeline
- Feb 11, 2022 CVE Published
- Apr 28, 2026 CVE Updated