{"containers":{"cna":{"affected":[{"product":"kernel","vendor":"n/a","versions":[{"status":"affected","version":"8.4"}]}],"descriptions":[{"lang":"en","value":"A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the length of the supplied parameters. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus falls back to legacy handling) could use this flaw to escalate their privileges on the system."}],"problemTypes":[{"descriptions":[{"cweId":"CWE-190","description":"Integer Overflow or Wraparound CWE-190","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2022-02-25T09:06:15.000Z","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"references":[{"tags":["x_refsource_MISC"],"url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=722d94847de2"},{"tags":["x_refsource_MISC"],"url":"https://github.com/Crusaders-of-Rust/CVE-2022-0185"},{"tags":["x_refsource_MISC"],"url":"https://www.openwall.com/lists/oss-security/2022/01/18/7"},{"tags":["x_refsource_MISC"],"url":"https://www.willsroot.io/2022/01/cve-2022-0185.html"},{"tags":["x_refsource_CONFIRM"],"url":"https://security.netapp.com/advisory/ntap-20220225-0003/"}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T23:18:42.536Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=722d94847de2"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://github.com/Crusaders-of-Rust/CVE-2022-0185"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.openwall.com/lists/oss-security/2022/01/18/7"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.willsroot.io/2022/01/cve-2022-0185.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://security.netapp.com/advisory/ntap-20220225-0003/"}]},{"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":8.4,"attackVector":"LOCAL","baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","integrityImpact":"HIGH","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"NONE","confidentialityImpact":"HIGH"}},{"other":{"type":"kev","content":{"dateAdded":"2024-08-21","reference":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-0185"}}},{"other":{"type":"ssvc","content":{"id":"CVE-2022-0185","role":"CISA Coordinator","options":[{"Exploitation":"active"},{"Automatable":"no"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2024-08-22T12:49:08.646375Z"}}}],"affected":[{"cpes":["cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"],"vendor":"linux","product":"linux_kernel","versions":[{"status":"affected","version":"8.4"}],"defaultStatus":"unknown"}],"references":[{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-0185","tags":["government-resource"]}],"timeline":[{"time":"2024-08-21T00:00:00.000Z","lang":"en","value":"CVE-2022-0185 added to CISA KEV"}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-10-21T23:15:46.536Z"}}]},"cveMetadata":{"assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","cveId":"CVE-2022-0185","datePublished":"2022-02-11T17:40:57.000Z","dateReserved":"2022-01-11T00:00:00.000Z","dateUpdated":"2025-10-21T23:15:46.536Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}