Support Us — Your donation helps us keep running

Goal: 1000 CNY,Raised: 1000 CNY

100.0%
Donate Now
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2022-0185
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
整数溢出或超界折返
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 数字错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel 存在数字错误漏洞,该漏洞源于在 Linux kernel 的 Filesystem Context 中的 legacy_parse_param 函数验证提供的参数长度的方式中发现了一个基于堆的缓冲区溢出缺陷。 非特权(在启用非特权用户命名空间的情况下,否则需要命名空间的 CAP_SYS_ADMIN 特权)本地用户能够打开不支持文件系统上下文 API 的文件系统(因此回退到遗留处理)可以使用此缺陷
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
-kernel 8.4 -
II. Public POCs for CVE-2022-0185
#POC DescriptionSource LinkShenlong Link
1CVE-2022-0185https://github.com/Crusaders-of-Rust/CVE-2022-0185POC Details
2Nonehttps://github.com/discordianfish/cve-2022-0185-crash-pocPOC Details
3Nonehttps://github.com/khaclep007/CVE-2022-0185POC Details
4CVE-2022-0185 POC and Docker and Analysis write uphttps://github.com/chenaotian/CVE-2022-0185POC Details
5kctf exploithttps://github.com/shahparkhan/cve-2022-0185POC Details
6CVE-2022-0185 exploit rewritten with pipe primitivehttps://github.com/veritas501/CVE-2022-0185-PipeVersionPOC Details
7CVE-2022-0185 exploithttps://github.com/featherL/CVE-2022-0185-exploitPOC Details
8Nonehttps://github.com/dcheng69/CVE-2022-0185-Case-StudyPOC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2022-0185
Please Login to view more intelligence information
New Vulnerabilities
Product: kernel
Vendor: n/a
Same weakness: CWE-190
V. Comments for CVE-2022-0185

No comments yet

Leave a comment