Integer overflow in Kernel
CVE-2022-0185
A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user names…
Vulnerability class: Integer Overflow
EPSS: 0.018 (83.2th percentile) — read the EPSS interpretation.
Affected products
- N/a Kernel — versions 8.4
Weakness classification (CWE)
CISA KEV (Known Exploited Vulnerabilities)
This CVE is on the CISA KEV catalog, added on . CISA KEV inclusion means CISA has confirmed in-the-wild exploitation; US federal agencies are required to remediate within a published due date.
BOD 22-01 due date: .
Required action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.
Public proof-of-concept exploits
- Crusaders-of-Rust/CVE-2022-0185
- chenaotian/CVE-2022-0185
- veritas501/CVE-2022-0185-PipeVersion
- discordianfish/cve-2022-0185-crash-poc
- dcheng69/CVE-2022-0185-Case-Study
- featherL/CVE-2022-0185-exploit
- sandesh9978/CVE-2022-0185-Analysis-and-Exploit
- shakyanayann/CVE-2022-0185
- prabeershakya/CVE-2022-0185-POC
- khaclep007/CVE-2022-0185
References
- git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/ (x_refsource_MISC)
- github.com/Crusaders-of-Rust/CVE-2022-0185 (x_refsource_MISC)
- www.openwall.com/lists/oss-security/2022/01/18/7 (x_refsource_MISC)
- www.willsroot.io/2022/01/cve-2022-0185.html (x_refsource_MISC)
- security.netapp.com/advisory/ntap-20220225-0003/ (x_refsource_CONFIRM)
Frequently asked questions
- What is CVE-2022-0185?
- CVE-2022-0185 is a vulnerability in Kernel, classified under Integer Overflow or Wraparound. Published 2022-02-11.
- Is CVE-2022-0185 known to be exploited?
- Yes. CVE-2022-0185 is listed in the CISA Known Exploited Vulnerabilities catalog (added 2024-08-21), indicating it is being actively exploited. 106 public proof-of-concept repositories are indexed.