CVE-2022-0185
Published 2022-02-11
Priority: P1 (85) · Severity: high · CVSS 3.1: 8.4
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Tags: KEV · ITW · Exploit · Initial access
CISA Known Exploited Vulnerability, remediation due 2024-09-11
Exploited in the wild
EPSS: 25.15% (97.7th percentile)
A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the length of the supplied parameter. An unprivileged local user (if unprivileged user namespaces are enabled; otherwise namespaced CAP_SYS_ADMIN privilege is needed) able to open a filesystem that does not support the Filesystem Context API (and thus falls back to legacy handling) could use this flaw to escalate their privileges on the system.
Affected (14 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | linux | < linux 5.15.15-1 (bookworm) | linux 5.15.15-1 (bookworm) |
| linux | linux_kernel | — | — |
| linux | linux_kernel | >= 0 < 5.10.92-1 | 5.10.92-1 |
| linux | linux_kernel | >= 0 < 5.15.15-1 | 5.15.15-1 |
| linux | linux_kernel | >= 0 < 5.15.15-1 | 5.15.15-1 |
| linux | linux_kernel | >= 0 < 5.15.15-1 | 5.15.15-1 |
| linux | linux_kernel | >= 0 < 5.4.0-96.109 | 5.4.0-96.109 |
| linux | linux_kernel | >= 5.1 < 5.4.173 | 5.4.173 |
| linux | linux_kernel | >= 5.11 < 5.15.16 | 5.15.16 |
| linux | linux_kernel | >= 5.16 < 5.16.2 | 5.16.2 |
| linux | linux_kernel | >= 5.5 < 5.10.93 | 5.10.93 |
| msrc | cbl2_kernel_5.15.26.1-1_on_cbl_mariner_2.0 | — | — |
| msrc | cm1_kernel_5.10.93.1-4_on_cbl_mariner_1.0 | — | — |
| paloalto | pan-os | — | — |
Detection & IOCs (extracted from sources)
Query (source label: sigma; written as a Splunk search over CrowdStrike Falcon ProcessRollup2 events):
```
index=main sourcetype=ProcessRollup2* event_simpleName=ProcessRollup2 event_platform=Lin OciContainerId=* | search FileName=unshare | stats dc(aid) as ContainerAid count(aid) as detectionCount, values(ComputerName) as endpointNames by ParentBaseFileName, FileName, UID_decimal | sort - detectionCount
```
- CVE-2022-0185 is triggered through the fsconfig() syscall (the heap overflow sits in the fsconfig() path), which default seccomp profiles permit, enabling container breakouts; alert on fsconfig() syscall usage from containerized processes.
- Hunt for 'unshare' process executions inside Kubernetes pods (OciContainerId present) using SIEM/EDR telemetry, correlating on ParentBaseFileName, FileName=unshare and UID_decimal.
- The exploit requires unprivileged user namespaces to be enabled (kernel.unprivileged_userns_clone=1 or user.max_user_namespaces>0). Disabling unprivileged user namespaces blocks the privilege escalation path used to obtain CAP_SYS_ADMIN before triggering the heap overflow.
- Default seccomp profiles do not block the fsconfig() syscall, so CVE-2022-0185 can be triggered even where basic seccomp enforcement is in place unless the profile is explicitly hardened to deny fsconfig.
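As an added host-side check (example script written for this page, not code from any of the quoted vendors or advisories), the POSIX shell below turns the two mitigation facts above into something an operator can run: it reads the two sysctls named in the note through their /proc/sys files, and it compares the running kernel version against the upstream affected ranges listed in the table above (assumed here to be the only source of truth). The version comparison only knows upstream stable releases, so a distribution kernel that carries a backported fix (the Debian and Ubuntu package versions in the table) will be reported as vulnerable; for those, the package version from the vendor advisory is the check that counts.

```sh
#!/bin/sh
# Added example, not from the source page. Checks whether the mitigations
# described in the detection notes are in place on this host.
# Assumptions: POSIX sh, sort(1), sed(1), uname(1); /proc/sys is mounted.

# Upstream affected ranges from the table on this page: "LOW HIGH" means
# >= LOW and < HIGH, where HIGH is also the first fixed release of that series.
AFFECTED_RANGES="5.1 5.4.173
5.5 5.10.93
5.11 5.15.16
5.16 5.16.2"

# version_ge A B: succeeds when dotted version A >= B (numeric per field).
version_ge() {
  first=$(printf '%s\n%s\n' "$2" "$1" | sort -t. -k1,1n -k2,2n -k3,3n | head -n1)
  [ "$first" = "$2" ]
}

# kernel_status RELEASE: "vulnerable", "fixed", or "outside" (below 5.1,
# i.e. not in any listed upstream range). RELEASE may be a raw `uname -r`
# string such as "5.15.10-generic"; the suffix is dropped.
kernel_status() {
  v=$(printf '%s' "$1" | sed 's/[^0-9.].*$//')
  case "$v" in            # normalise to three components so ties sort cleanly
    *.*.*) ;;
    *.*)   v="$v.0" ;;
    *)     v="$v.0.0" ;;
  esac
  status=outside
  while read -r lo hi; do
    [ -n "$lo" ] || continue
    if version_ge "$v" "$lo"; then
      if version_ge "$v" "$hi"; then status=fixed; else status=vulnerable; fi
    fi
  done <<EOF
$AFFECTED_RANGES
EOF
  echo "$status"
}

# userns_status MAX CLONE: "disabled" when unprivileged user namespaces are
# unreachable, "enabled" otherwise. MAX is user.max_user_namespaces; CLONE is
# kernel.unprivileged_userns_clone, or "" on kernels without that sysctl
# (non-Debian kernels, where unprivileged userns is governed by MAX alone).
userns_status() {
  if [ "$1" -eq 0 ] 2>/dev/null; then echo disabled
  elif [ "$2" = "0" ]; then echo disabled
  else echo enabled; fi
}

# Live report for the current host; only runs when invoked with --check.
report() {
  kv=$(uname -r)
  maxns=$(cat /proc/sys/user/max_user_namespaces 2>/dev/null || echo "")
  clone=$(cat /proc/sys/kernel/unprivileged_userns_clone 2>/dev/null || echo "")
  echo "kernel $kv: $(kernel_status "$kv") against upstream ranges (distro backports not considered)"
  echo "unprivileged user namespaces: $(userns_status "$maxns" "$clone")"
}

if [ "${1:-}" = "--check" ]; then report; fi
```

Run it as `sh check.sh --check`. A host reporting `vulnerable` together with `enabled` has both preconditions from the notes above; `disabled` removes the user-namespace route to CAP_SYS_ADMIN even where the kernel itself is unpatched, and the seccomp hardening from the last note is a separate, per-container control that this script does not inspect.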
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 8.4 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | 2.0 | 7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
| osv | — | 8.4 | HIGH | — |
| vulncheck | — | 8.4 | HIGH | — |
| cisa | — | 8.4 | HIGH | — |
| vendor_debian | — | 8.4 | HIGH | — |
| vendor_msrc | — | 8.4 | HIGH | — |
| vendor_redhat | — | 8.4 | HIGH | — |
| vendor_ubuntu | — | 8.4 | HIGH | — |
OSV
CVE-2022-0185: In legacy_parse_param of fs_context
osv · 2022-06-01
In legacy_parse_param of fs_context.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
OSV
linux-intel-5.13 vulnerabilities
osv · 2022-04-01 · CVSS 6.5 · CVE-2022-25636 [MEDIUM]
Nick Gregory discovered that the Linux kernel incorrectly handled network offload functionality. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2022-25636)
Enrico Barberis, Pietro Frigo, Marius Muench, Herbert Bos, and Cristiano Giuffrida discovered that hardware mitigations added by ARM to their processors to address Spectre-BTI were insufficient. A local attacker could potentially use this to expose sensitive information. (CVE-2022-23960)
It was discovered that the BPF verifier in the Linux kernel did not properly restrict pointer types in certain situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-23222)
Max Kellerm
OSV
osv · 2022-02-11 · CVSS 8.4 · CVE-2022-0185 [HIGH]
A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system.
OSV
Kernel Live Patch Security Notice
osv · 2022-01-20 · CVSS 8.4 · CVE-2022-0185 [HIGH]
William Liu and Jamie Hill-Daniel discovered that the file system context functionality in the Linux kernel contained an integer underflow vulnerability, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-0185)
VulnCheck
Linux Kernel Heap-Based Buffer Overflow Vulnerability
vulncheck · 2022 · CVSS 8.4 · CVE-2022-0185 [HIGH] · CWE-190
Linux kernel contains a heap-based buffer overflow vulnerability in the legacy_parse_param function in the Filesystem Context functionality. This allows an attacker to open a filesystem that does not support the Filesystem Context API and ultimately escalate privileges.
Affected: Linux Kernel
Required Action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.
Exploitation References: https://cloud.google.com/blog/topics/threat-intelligence/initial-access-brokers-exploit-f5-screenconnect; https://www.mandiant.com/resources/blog/initial-access-brokers-exploit-f5-screenconnect; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://unit42.paloaltonet
CISA
Linux Kernel Heap-Based Buffer Overflow Vulnerability
cisa · 2024-08-21 · CVSS 8.4 · CVE-2022-0185 [HIGH] · CWE-190
Affected: Linux Kernel
Linux kernel contains a heap-based buffer overflow vulnerability in the legacy_parse_param function in the Filesystem Context functionality. This allows an attacker to open a filesystem that does not support the Filesystem Context API and ultimately escalate privileges.
Required Action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.
Notes: This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=722d94847de2; https://nvd.nist.gov/vuln/detail/CVE-2022-0185
Remediation Due: 2024-09-11
Palo Alto
PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS
vendor_paloalto · 2024-02-14 · CVSS 9.8 · CVE-2017-18342 [CRITICAL]
The Palo Alto Networks Product Security Assurance team has evaluated the following open source software (OSS) CVEs as they relate to PAN-OS software. While PAN-OS software may include the
CVEs: CVE-2017-18342, CVE-2017-8923, CVE-2017-9120, CVE-2019-1551, CVE-2019-16865, CVE-2019-16905, CVE-2019-19523, CVE-2019-19528, CVE-2019-19911, CVE-2020-0404, CVE-2020-0431, CVE-2020-0466, CVE-2020-10379, CVE-2020-11538, CVE-2020-11608, CVE-2020-12114, CVE-2020-12321, CVE-2020-12362, CVE-2020-12363, CVE-2020-12364, CVE-2020-13757, CVE-2020-14314, CVE-2020-14351, CVE-2020-15778, CVE-2020-1967, CVE-2020-24394, CVE-2020-24504, CVE-2020-25211, CVE-2020-25212, CVE-2020-25284, CVE-2020-25285, CVE-2020-25717, CVE-2020-26541, CVE-2020-2715
Ubuntu
Linux kernel (Intel IOTG) vulnerabilities
vendor_ubuntu · 2022-04-01 · CVSS 6.5 · CVE-2022-0742 [MEDIUM]
Summary: Several security issues were fixed in the Linux kernel.
Nick Gregory discovered that the Linux kernel incorrectly handled network offload functionality. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2022-25636)
Enrico Barberis, Pietro Frigo, Marius Muench, Herbert Bos, and Cristiano Giuffrida discovered that hardware mitigations added by ARM to their processors to address Spectre-BTI were insufficient. A local attacker could potentially use this to expose sensitive information. (CVE-2022-23960)
It was discovered that the BPF verifier in the Linux kernel did not properly restrict pointer types in certain situations. A local attacker could use this to cause a denial of servic
Microsoft
vendor_msrc · 2022-02-08 · CVSS 8.4 · CVE-2022-0185 [HIGH] · CWE-191
A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secu
Ubuntu
Kernel Live Patch Security Notice
vendor_ubuntu · 2022-01-20 · CVSS 8.4 · CVE-2022-0185 [HIGH]
Summary: A security issue was fixed in the kernel.
William Liu and Jamie Hill-Daniel discovered that the file system context functionality in the Linux kernel contained an integer underflow vulnerability, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-0185)
Ubuntu
Linux kernel vulnerability
vendor_ubuntu · 2022-01-19 · CVE-2022-0185
Summary: The system could be made to crash or run programs as an administrator.
William Liu and Jamie Hill-Daniel discovered that the file system context functionality in the Linux kernel contained an integer underflow vulnerability, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code.
Instructions: After a standard system update you need to reboot your computer to make all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. li
Red Hat
kernel: fs_context: heap overflow in legacy parameter handling
vendor_redhat · 2022-01-18 · CVSS 8.4 · CVE-2022-0185 [HIGH] · CWE-191
A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system.
Debian
CVE-2022-0185: linux
vendor_debian · 2022 · CVSS 8.4 · CVE-2022-0185 [HIGH]
A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system.
Scope: local
- bookworm: resolved (fixed in 5.15.15-1)
- bullseye: resolved (fixed in 5.10.92-1)
- forky: resolved (fixed in 5.15.15-1)
- sid: resolved (fixed in 5.15.15-1)
- trixie: resolved (fixed in 5.15.15-1)
CISA
Microsoft Windows Media Center Remote Code Execution Vulnerability
cisa · 2021-11-03 · CVSS 7.8 · CVE-2016-0185 [HIGH] · CWE-20
Affected: Microsoft Windows
Microsoft Windows Media Center contains a remote code execution vulnerability when Windows Media Center opens a specially crafted Media Center link (.mcl) file that references malicious code.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2016-0185
Remediation Due Date: 2022-05-03
No detection rules found.
No public exploits indexed.
Unit42
Exploitation of Critical Vulnerability in React Server Components (Updated December 12)
blogs_unit42 · 2025-12-12 · CVSS 10.0 · CVE-2025-55182 [CRITICAL]
Justin Moore · Published: December 12, 2025
## Executive Summary
Unit 42 stopped monitoring this threat and updating the brief on Jan. 30, 2025. Please refer to Vercel's website for the latest information.
### Update Dec. 12, 2025
Unit 42 uncovered the previously unseen KSwapDoor. This Linux backdoor was initially mistaken for BPFDoor.
Key features include:
- P2P mesh network: Enables multi-hop routing for robust C2 communications
- Strong encryption: Uses AES-256-CFB with Diffie-Hellman key exchange
- Stealth and persistence: Mimics a legitimate Linux kernel swap daemon
- Full remote access: Offers an interactive shell, command execution, file operations and lateral movement scanning
### Update Dec. 9, 2025
Unit 42 has identified activity that reportedly shares overlap with North Korean (DPRK) Contagious Interview tooling, t
Tenable
Cybersecurity Snapshot: CISA Calls for Stamping Out Buffer Overflow Vulnerabilities, as Europol Tells Banks To Prep For Quantum Threat
blogs_tenable · 2025-02-14
Wiz
Enhancing Kubernetes security with user namespaces | Wiz Blog
blogs_wiz · 2023-01-23
Kubernetes v1.25 introduced alpha support for Linux user namespaces (userns). This feature is touted as an additional isolation layer that improves host security and prevents many known container escape scenarios.
In this blog, we will dive deep into some potential uses and intricacies of user namespaces in order to provide a set of best practices for cluster operators aiming to enhance their clusters’ security.
## Background
User namespaces are not a new concept. The Linux kernel manual mentions userns starting with v3.8. Ever since, userns have been a core technology behind rootless containers. Given that current kernel versions are in the 5.x range, userns have had ample opportunity to evolve. However, their complexity and potential security implications must be recognized: their use
Crowdstrike
Kubernetes Container Escape Using Linux Kernel Exploit
blogs_crowdstrike · CVSS 7.5 · CVE-2026-20929 [HIGH]
arXiv
AutoPatch: Multi-Agent Framework for Patching Real-World CVE Vulnerabilities
arxiv_fulltext · 2025-11-28
AutoPatch: Multi-Agent Framework for Patching Real-World CVEs Generated by Outdated LLMs
Minjae Seo*, Wonwoo Choi*, Seungwon Shin, Myoungsung You
* Minjae Seo and Wonwoo Choi contributed equally to this work.
M. Seo is with Electronics and Telecommunications Research Institute. W. Choi is with Agency for Defense Development. S. Shin is with the School of Electrical Engineering, Korea Advanced Institute of Science and Technology. M. You is with the School of Electrical and Computer Engineering, University of Seoul.
## Abstract
Large Language Models (LLMs) have emerged as promising tools in software development, enabling automated code generation and analysis. However, their knowledge is limited to a fixed cutoff date, making them prone to generating code vulne
arXiv
eBPF-PATROL: Protective Agent for Threat Recognition and Overreach Limitation using eBPF in Containerized and Virtualized Environments
arxiv_fulltext · 2025-11-22
Sangam Ghimire, Nirjal Bhurtel, Roshan Sahani, Sudan Jha
Department of Computer Science and Engineering, Kathmandu University, Dhulikhel, Nepal
## Abstract
With the increasing use and adoption of cloud and cloud-native computing, the underlying technologies (i.e. containerization and virtualization) have become foundational. However, strict isolation and maintaining runtime security in those environments has become increasingly challenging. Existing approaches like seccomp and Mandatory Access Control (MAC) frameworks offer some protection upto
arXiv
KernJC: Automated Vulnerable Environment Generation for Linux Kernel Vulnerabilities
arxiv_fulltext · 2024-09-24
Bonan Ruan, Jiahao Liu, Chuqi Zhang, Zhenkai Liang (National University of Singapore)
## Abstract
Linux kernel vulnerability reproduction is a critical task in system security. To reproduce a kernel vulnerability, the vulnerable environment and the Proof of Concept (PoC) program are needed. Most existing research focuses on the generation of PoC, while the construction of environment is overlooked. However, establishing an effective vulnerable environment to trigger a vulnerability is challenging. Firstly, it is hard to guarantee that the selected kernel version for reproduction is vulnerable, as the vulner
arXiv
Beyond Control: Exploring Novel File System Objects for Data-Only Attacks on Linux Systems
arxiv_fulltext · 2024-09-07
Jinmeng Zhou, Jiayi Hu, Ziyue Pan, Jiaxun Zhu, Wenbo Shen, Guoren Li, Zhiyun Qian
Jinmeng Zhou, Jiayi Hu, Ziyue Pan, Jiaxun Zhu and Wenbo Shen are with the College of Computer Science and Technology at Zhejiang University, Hangzhou, Zhejiang, 310027, China. Email: {jinmengzhou, hujiayi, ziyuepan, sevenswords, shenwenbo}@zju.edu.cn
Guoren Li and Zhiyun Qian are with the Department of Computer Science and Engineering, University of California, Riverside 92521, USA.
Wenbo Shen is the corresponding author.
## Abstract
arXiv
TikTag: Breaking ARM's Memory Tagging Extension with Speculative Execution
arxiv_fulltext · 2024-06-13
Juhee Kim (Seoul National University), Jinbum Park (Samsung Research), Sihyeon Roh (Seoul National University), Jaeyoung Chung (Seoul National University), Youngjoo Lee (Seoul National University), Taesoo Kim (Samsung Research and Georgia Institute of Technology), Byoungyoung Lee (Seoul National University)
## Abstract
ARM Memory Tagging Extension (MTE) is a new hardware feature introduced in ARMv8.5-A architecture, aiming to detect memory corruption vulnerabilities. The low overhead of MTE makes it an attractive solution to mitigate memory corruptio
References
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=722d94847de2
- https://github.com/Crusaders-of-Rust/CVE-2022-0185
- https://security.netapp.com/advisory/ntap-20220225-0003/
- https://www.openwall.com/lists/oss-security/2022/01/18/7
- https://www.willsroot.io/2022/01/cve-2022-0185.html
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-0185
Timeline
- 2022-02-11: Published
- 2024-08-21: Added to CISA KEV
- Exploited in the wild