Vulnerabilities > CVE-2022-0185 - Integer Underflow (Wrap or Wraparound) vulnerability in multiple products

047910
CVSS 8.4 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
local
low complexity
linux
netapp
CWE-191

Summary

A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system.

Vulnerable Configurations

Part Description Count
OS
Linux
655
OS
Netapp
8
Hardware
Netapp
8

Common Weakness Enumeration (CWE)