Linux Kernel Heap-Based Buffer Overflow Vulnerability

Added Aug. 21, 2024 • Due Sept. 11, 2024 • CVE-2022-0185

Overdue Linux / Kernel CWE-190

Description

Linux kernel contains a heap-based buffer overflow vulnerability in the legacy_parse_param function in the Filesystem Context functionality. This allows an attacker to open a filesystem that does not support the Filesystem Context API and ultimately escalate privileges.

Required Action

Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.

References

This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=722d94847de2
https://nvd.nist.gov/vuln/detail/CVE-2022-0185

Additional Information

Catalog Version: 2025.01.24
Catalog Released: Jan. 24, 2025
Days Until Due: 0 days
Last Updated: 4 months, 2 weeks ago