⚠ Actively exploited
Added to CISA KEV on 2024-08-21. Federal agencies required to patch by 2024-09-11. Required action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable..

CVE-2022-0185Integer Overflow or Wraparound in Kernel

CWE-190Integer Overflow or WraparoundCWE-191Integer Underflow (Wrap or Wraparound)CWE-20Improper Input Validation27 documents14 sources
Severity
8.4HIGHNVD
OSV6.5CISA7.8
EPSS
3.3%
top 12.68%
CISA KEV
KEV
Added 2024-08-21
Due 2024-09-11
Exploit
Exploited in wild
Active exploitation observed
Affected products
5
Linux KernelDebian LinuxPaloalto Pan-os+2 more
Timeline
PublishedFeb 11
KEV addedAug 21
KEV dueSep 11
Latest updateDec 12
CISA Required Action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.

Description

A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.5 | Impact: 5.9

Affected Packages8 packages

NVDlinux/linux_kernel5.15.4.173+3
Debianlinux/linux_kernel< 5.10.92-1+3
Ubuntulinux/linux_kernel< 5.4.0-96.109
CVEListV5linux/linux_kernel8.4
debiandebian/linux< linux 5.15.15-1 (bookworm)

Patches

Patch: git.kernel.orgPatch: www.openwall.comPatch: git.kernel.org

🔴Vulnerability Details

5
OSV
CVE-2022-0185: In legacy_parse_param of fs_context2022-06-01
OSV
linux-intel-5.13 vulnerabilities2022-04-01
OSV
CVE-2022-0185: A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel ver2022-02-11
OSV
Kernel Live Patch Security Notice2022-01-20
VulnCheck
Linux Kernel Heap-Based Buffer Overflow Vulnerability2022

📋Vendor Advisories

9
CISA
Linux Kernel Heap-Based Buffer Overflow Vulnerability2024-08-21
Palo Alto
PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS2024-02-14
Ubuntu
Linux kernel (Intel IOTG) vulnerabilities2022-04-01
Microsoft
A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivile2022-02-08
Ubuntu
Kernel Live Patch Security Notice2022-01-20

🕵️Threat Intelligence

7
Unit42
Exploitation of Critical Vulnerability in React Server Components (Updated December 12)2025-12-12
Unit42
Exploitation of Critical Vulnerability in React Server Components (Updated December 12)2025-12-12
Tenable
Cybersecurity Snapshot: CISA Calls for Stamping Out Buffer Overflow Vulnerabilities, as Europol Tells Banks To Prep For Quantum Threat2025-02-14
Wiz
Enhancing Kubernetes security with user namespaces | Wiz Blog2023-01-23
Crowdstrike
Category

📄Research Papers

5
arXiv
AutoPatch: Multi-Agent Framework for Patching Real-World CVE Vulnerabilities2025-11-28
arXiv
eBPF-PATROL: Protective Agent for Threat Recognition and Overreach Limitation using eBPF in Containerized and Virtualized Environments2025-11-22
arXiv
KernJC: Automated Vulnerable Environment Generation for Linux Kernel Vulnerabilities2024-09-24
arXiv
Beyond Control: Exploring Novel File System Objects for Data-Only Attacks on Linux Systems2024-09-07
arXiv
TikTag: Breaking ARM's Memory Tagging Extension with Speculative Execution2024-06-13