CVE-2022-0185

Published: 11/02/2022 Updated: 29/03/2022
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 8.4 | Impact Score: 5.9 | Exploitability Score: 2.5
CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

It was discovered that the BPF verifier in the Linux kernel did not properly restrict pointer types in certain situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-23222) ATTENTION: Due to an unavoidable ABI change, the kernel updates have been given a new version number, which requires you to recompile and reinstall all third-party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will perform this automatically as well.

Vulnerable Products

- linux linux_kernel
- netapp h410c_firmware
- netapp h300s_firmware
- netapp h500s_firmware
- netapp h700s_firmware
- netapp h300e_firmware
- netapp h500e_firmware
- netapp h700e_firmware
- netapp h410s_firmware

Vendor Advisories

Synopsis: Important: Red Hat Virtualization Host security update [ovirt-4.4.10-1]. Type/Severity: Security Advisory: Important. Red Hat Insights patch analysis: Identify and remediate systems affected by this advisory. View affected systems. Topic: An update for redhat-release-virtualization-host and redhat-virtualization-host is now avail ...
A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters' length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that do ...
A data leak flaw was found in the way the XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them. (CVE-2021-4155) A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in ...
Synopsis: Moderate: OpenShift Container Platform 4.7.42 security update. Type/Severity: Security Advisory: Moderate. Topic: Red Hat OpenShift Container Platform release 4.7.42 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platfo ...
Synopsis: Important: Red Hat Advanced Cluster Management 2.3.6 security updates and bug fixes. Type/Severity: Security Advisory: Important. Topic: Red Hat Advanced Cluster Management for Kubernetes 2.3.6 General Availability release images, which provide security updates and bug fixes. Description: Red Hat Advanced Cluster Management for Kubernete ...
Synopsis: Important: Red Hat Advanced Cluster Management 2.4.2 security updates and bug fixes. Type/Severity: Security Advisory: Important. Topic: Red Hat Advanced Cluster Management for Kubernetes 2.4.2 General Availability release images. This update provides security fixes, fixes bugs, and updates the container images. Red Hat Product Security ha ...
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2021-4155: Kirill Tkhai discovered a data leak in the way the XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for a size increase of files with unaligned size. A local attacker can tak ...
Several security issues were fixed in the Linux kernel ...
A denial of service flaw for virtual machine guests in the Linux kernel's Xen hypervisor subsystem was found in the way users call some interrupts with high frequency from one of the guests. A local user could use this flaw to starve the resources, resulting in a denial of service. (CVE-2021-28711) A denial of service flaw for virtual machine guests ...
Synopsis: Moderate: Red Hat Advanced Cluster Management 2.2.11 security updates and bug fixes. Type/Severity: Security Advisory: Moderate. Topic: Red Hat Advanced Cluster Management for Kubernetes 2.2.11 General Availability release images, which provide one or more container updates and bug fixes. Red Hat Product Security has rated this update as ...

Mailing Lists

Hi all, Now that the discoverers of this bug (CVE-2022-0185) have published their exploit and writeup (twitter.com/cor_ctf/status/1486022971034529794), here is the exploit I wrote (attached) and a short writeup: # Exploiting CVE-2022-0185: A Linux kernel slab out-of-bounds write. Last week, a newly discovered vulnerability was announced ...

Github Repositories

Security Note (01/21/22): A vulnerability (CVE-2022-0185) was recently found in the Linux kernel, permitting a "User Namespace" escape (i.e., an unprivileged user inside a user-namespace may gain root access to the host). This vulnerability affects containers deployed with Sysbox as they always use the Linux user-namespace for extra isolation. To mitigate it, check if

CVE-2022-0185: This repo contains demo exploits for CVE-2022-0185. There are two versions here. The non-kctf version (fuse version) specifically targets Ubuntu with kernel version 5.11.0-44. It does not directly return a root shell, but makes /bin/bash suid, which will lead to trivial privilege escalation. Adjusting the single_start and modprobe_path offsets should allow it to

CVE-2022-0185 / CVE-2021-4034 POC and Docker and simple analysis write-up. CVE-2022-0185 analysis [toc]. Vulnerability overview. Vulnerability ID: CVE-2022-0185. Vulnerable product: linux kernel - fsconfig syscall. Affected versions: linux kernel 5.1-rc1 ~. Obtaining the source: apt source linux-image-unsigned-5.13.0-25-generic or mirrors.edge.kernel.org/pub/linux/kernel/v5.x/. Environment setup: kernel build environment doc

Vulnerabilities encountered at work. Public exploitation: software / CVE / link: linux kernel CVE-2022-0185 github.com/Crusaders-of-Rust/CVE-2022-0185

CVE-2022-0185: Sample Ubuntu LPEs and container escapes coming soon. demo

CVE-2022-0185 pipe version: Using pipe-primitive to exploit CVE-2022-0185, so no KASLR leak nor SMAP/SMEP/KPTI bypass is needed :)

Github trending languages API: This API provides a list of the most popular GitHub languages, used in the 100 most-starred repositories of the last 30 days. The entire application is contained within the main.go file. The application also uses the GitHub API route api.github.com/search/repositories?q=created:>{date}&sort=stars&order=desc&per_page=100. Install go

pipe-primitive: An exploit primitive in the Linux kernel inspired by DirtyPipe (CVE-2022-0847). A few days ago, like many security predecessors, I studied and reproduced the DirtyPipe (CVE-2022-0847) vulnerability and came to appreciate how convenient this bug is: it starts from an uninitialized-memory problem and ends in the modification of arbitrary files, and along the way involves no KASLR leak and no ROP, JOP or similar operations.

N-day Exploits. CVE-2019-18634: Linux sudo LPE exploit for a stack-based buffer overflow in tgetpass.c. CVE-2020-28018: Linux Exim RCE exploit for a Use-After-Free in tls-openssl.c. CVE-2020-9273: Linux ProFTPd RCE exploit for a Use-After-Free in the pool allocator. CVE-2021-3156: Linux LPE exploit for a heap-based buffer overflow in sudo. CVE-2021-40444: Microsoft Windows RCE exploit

VED (Vault Exploit Defense) - Linux kernel threat detection and prevention system. How VED evolved: Our previous write-up introduced the problem and the current status of Linux kernel security, and why cloud-native and automotive solutions should adopt a 3rd-party Linux kernel hardening solution. We've been trying to build the full-stack security solution for platform and infras

DevSecOps Kubernetes Playground (aka "A Hacker's Guide to Kubernetes"). Note: Based on k8s Security HOWTO. Prerequisite: Setup Pentest Infrastructure/Environment: Kubernetes kubeadm-based setup with terraform + ansible on ProxMox (pfSense VM as Firewall/VPN/LB + k8s node VMs). Objective: Kubernetes has historically not been security hardened out of the box! (defaul

DevSecOps Kubernetes Playground (aka "A Hacker's Guide to Kubernetes"). Based on Cloud-Native & Kubernetes Security HOWTO. Prerequisite: Setup Pentest Infrastructure/Environment: Kubernetes kubeadm-based setup with terraform + ansible on ProxMox (pfSense VM as Firewall/VPN/LB + k8s node VMs). Objective: Kubernetes has historically not been security hardened

DevSecOps Kubernetes Playground ("A Hacker's Guide to Kubernetes"). Based on Cloud-Native & Kubernetes Security HOWTO. Tech Stack: Proxmox/pfSense/Ansible/Packer/Terraform/Kubernetes: kubeadm-based & KIND/Docker/etc. Prerequisite: (DEFAULT DevSecOps ENV) Pentest Infrastructure/Environment (On-Prem Kubernetes Cluster): Kubernetes kubeadm-based setup

PoC in GitHub 2022. CVE-2022-0185 (2022-02-11): A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters' length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a f

Recent Articles

Bug in the Linux Kernel Allows Privilege Escalation, Container Escape
Threatpost • Nate Nelson • 08 Mar 2022

To go along with the “Dirty Pipe” Linux security bug coming to light, two researchers from Huawei – Yiqi Sun and Kevin Wang – have discovered a vulnerability in the “control groups” feature of the Linux kernel which allows attackers to escape containers, escalate privileges and execute arbitrary commands on a host machine.
The bug (CVE-2022-0492) exists in the Linux kernel’s “cgroup_release_agent_write” feature, which is found in the “kernel/cgroup/cgroup-v1.c” functi...

Linux kernel bug can let hackers escape Kubernetes containers
BleepingComputer • Bill Toulas • 25 Jan 2022

A vulnerability affecting Linux kernel and tracked as CVE-2022-0185 can be used to escape containers in Kubernetes, giving access to resources on the host system.
Security researchers warn that exploiting this security issue is easier and more promising than initially estimated, and that patching is an urgent matter since the exploit code will soon become public.
Container breakouts are a special kind of cyber-attack that can pave the way to deeper infiltration and lateral movement ...

'Now' would be the right time to patch Ubuntu container hosts and ditch 21.04 thanks to heap buffer overflow bug
The Register • Liam Proven in Prague • 20 Jan 2022

Red Hat agrees

The CVE-2022-0185 vulnerability in Ubuntu is severe enough that Red Hat is also advising immediate patching.
The flaw allows a process inside a Linux user namespace to escape, which means it potentially affects any machine running containers.
If you're not running any containers, you can just disable the user-namespace functionality – both companies' vulnerability descriptions describe how to do that on their respective distros. It affects RHEL (and derivatives) as well as Ubuntu 2...