vulnerability

Rocky Linux: CVE-2022-0185: kernel (Multiple Advisories)

Severity
7
CVSS
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
Published
2022-02-11
Added
2022-05-05
Modified
2024-08-28

Description

A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system.

Solution(s)

rocky-upgrade-bpftoolrocky-upgrade-bpftool-debuginforocky-upgrade-kernelrocky-upgrade-kernel-corerocky-upgrade-kernel-cross-headersrocky-upgrade-kernel-debugrocky-upgrade-kernel-debug-corerocky-upgrade-kernel-debug-debuginforocky-upgrade-kernel-debug-develrocky-upgrade-kernel-debug-modulesrocky-upgrade-kernel-debug-modules-extrarocky-upgrade-kernel-debuginforocky-upgrade-kernel-debuginfo-common-x86_64rocky-upgrade-kernel-develrocky-upgrade-kernel-headersrocky-upgrade-kernel-modulesrocky-upgrade-kernel-modules-extrarocky-upgrade-kernel-rtrocky-upgrade-kernel-rt-corerocky-upgrade-kernel-rt-debugrocky-upgrade-kernel-rt-debug-corerocky-upgrade-kernel-rt-debug-debuginforocky-upgrade-kernel-rt-debug-develrocky-upgrade-kernel-rt-debug-modulesrocky-upgrade-kernel-rt-debug-modules-extrarocky-upgrade-kernel-rt-debuginforocky-upgrade-kernel-rt-debuginfo-common-x86_64rocky-upgrade-kernel-rt-develrocky-upgrade-kernel-rt-kvmrocky-upgrade-kernel-rt-modulesrocky-upgrade-kernel-rt-modules-extrarocky-upgrade-kernel-toolsrocky-upgrade-kernel-tools-debuginforocky-upgrade-kernel-tools-libsrocky-upgrade-kernel-tools-libs-develrocky-upgrade-perfrocky-upgrade-perf-debuginforocky-upgrade-python3-perfrocky-upgrade-python3-perf-debuginfo
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.