Bug 2040358 (CVE-2022-0185) - CVE-2022-0185 kernel: fs_context: heap overflow in legacy parameter handling
Summary: CVE-2022-0185 kernel: fs_context: heap overflow in legacy parameter handling
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2022-0185
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2040577 2040578 2040579 2040580 2040581 2040582 2040583 2040584 2040585 2040586 2040587 2040588 2040590 2040591 2040592 2040593 2040658 2042052
Blocks: 2040359
TreeView+ depends on / blocked
 
Reported: 2022-01-13 14:45 UTC by Marian Rehak
Modified: 2022-07-06 14:05 UTC (History)
74 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system.
Clone Of:
Environment:
Last Closed: 2022-05-11 15:15:27 UTC

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2022:0238 0 None None None 2022-01-24 14:08:54 UTC
Red Hat Product Errata RHSA-2022:0176 0 None None None 2022-01-19 09:59:51 UTC
Red Hat Product Errata RHSA-2022:0186 0 None None None 2022-01-19 14:42:44 UTC
Red Hat Product Errata RHSA-2022:0187 0 None None None 2022-01-19 14:18:58 UTC
Red Hat Product Errata RHSA-2022:0188 0 None None None 2022-01-19 15:07:06 UTC
Red Hat Product Errata RHSA-2022:0231 0 None None None 2022-01-24 09:48:51 UTC
Red Hat Product Errata RHSA-2022:0232 0 None None None 2022-01-24 09:43:49 UTC
Red Hat Product Errata RHSA-2022:0540 0 None None None 2022-02-15 10:59:08 UTC

Description Marian Rehak 2022-01-13 14:45:48 UTC 
A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system.

References:
https://www.openwall.com/lists/oss-security/2022/01/18/7
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=722d94847de2
Comment 14 Petr Matousek 2022-01-18 09:52:26 UTC 
Upstream patch:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=722d94847de2
Comment 20 Rohit Keshri 2022-01-18 18:42:48 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2042052]
Comment 22 errata-xmlrpc 2022-01-19 09:59:47 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:0176 https://access.redhat.com/errata/RHSA-2022:0176
Comment 23 errata-xmlrpc 2022-01-19 14:18:53 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:0187 https://access.redhat.com/errata/RHSA-2022:0187
Comment 24 errata-xmlrpc 2022-01-19 14:42:39 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:0186 https://access.redhat.com/errata/RHSA-2022:0186
Comment 25 errata-xmlrpc 2022-01-19 15:07:03 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:0188 https://access.redhat.com/errata/RHSA-2022:0188
Comment 26 errata-xmlrpc 2022-01-24 09:43:45 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:0232 https://access.redhat.com/errata/RHSA-2022:0232
Comment 27 errata-xmlrpc 2022-01-24 09:48:47 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:0231 https://access.redhat.com/errata/RHSA-2022:0231
Comment 45 errata-xmlrpc 2022-02-15 10:59:03 UTC 
This issue has been addressed in the following products:

  Red Hat Virtualization 4 for Red Hat Enterprise Linux 8

Via RHSA-2022:0540 https://access.redhat.com/errata/RHSA-2022:0540
Comment 46 Product Security DevOps Team 2022-05-11 15:15:23 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-0185
Note You need to log in before you can comment on or make changes to this bug.