Company of IT security experts: cybersecurity audits and consulting
French cybersecurity company since 2004


CVE-2022-0185

Description

A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the length of supplied parameters. An unprivileged local user (if unprivileged user namespaces are enabled; otherwise namespaced CAP_SYS_ADMIN privilege is required) able to open a filesystem that does not support the Filesystem Context API (and thus falls back to legacy handling) could use this flaw to escalate their privileges on the system.

POC

Reference

- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=722d94847de2

- https://www.willsroot.io/2022/01/cve-2022-0185.html

GitHub

- https://github.com/0xMarcio/cve

- https://github.com/0xTen/pwn-gym

- https://github.com/20142995/sectool

- https://github.com/ARPSyndicate/cvemon

- https://github.com/Andromeda254/cve

- https://github.com/CVEDB/PoC-List

- https://github.com/CVEDB/awesome-cve-repo

- https://github.com/CVEDB/top

- https://github.com/Ch4nc3n/PublicExploitation

- https://github.com/Challengers-win/Sec-Interview-ai

- https://github.com/Crusaders-of-Rust/CVE-2022-0185

- https://github.com/Cybervixy/Vulnerability-Management

- https://github.com/EGI-Federation/SVG-advisories

- https://github.com/GhostTroops/TOP

- https://github.com/Ha0-Y/LinuxKernelExploits

- https://github.com/Ha0-Y/kernel-exploit-cve

- https://github.com/HaxorSecInfec/autoroot.sh

- https://github.com/JERRY123S/all-poc

- https://github.com/JlSakuya/Linux-Privilege-Escalation-Exploits

- https://github.com/LouisLiuNova/container-escape-exploits

- https://github.com/Maissacrement/cyber_sec_master_spv

- https://github.com/Metarget/metarget

- https://github.com/Mr-xn/Penetration_Testing_POC

- https://github.com/NaInSec/CVE-PoC-in-GitHub

- https://github.com/Oju-kwu/Vulnerability-Management-Lab

- https://github.com/SYRTI/POC_to_review

- https://github.com/Shoeb-K/MANAGE-SECURE-VALIDATE-DEBUG-MONITOR-HARDENING-AND-PREVENT-MISCONFIGURATION-OF-KUBERNETES

- https://github.com/Teedico/Nessus_Vulnerability_Assessment

- https://github.com/WhooAmii/POC_to_review

- https://github.com/XiaozaYa/CVE-Recording

- https://github.com/XinLiu2025/openkylinsat

- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits

- https://github.com/a8stract-lab/SeaK

- https://github.com/adavarski/HomeLab-Proxmox-k8s-DevSecOps-playground

- https://github.com/adavarski/HomeLab-k8s-DevSecOps-playground

- https://github.com/arveske/Github-language-trends

- https://github.com/bigpick/cve-reading-list

- https://github.com/binganao/vulns-2022

- https://github.com/bsauce/bsauce

- https://github.com/bsauce/kernel-exploit-factory

- https://github.com/bsauce/kernel-security-learning

- https://github.com/chenaotian/CVE-2022-0185

- https://github.com/chenaotian/CVE-2022-25636

- https://github.com/cyberanand1337x/bug-bounty-2022

- https://github.com/dcheng69/CVE-2022-0185-Case-Study

- https://github.com/devantler-tech/platform

- https://github.com/discordianfish/cve-2022-0185-crash-poc

- https://github.com/fckoo/pwn-gym

- https://github.com/featherL/CVE-2022-0185-exploit

- https://github.com/felixfu59/kernel-hack

- https://github.com/fwuest/opencti-homelab-demo

- https://github.com/hac425xxx/heap-exploitation-in-real-world

- https://github.com/hardenedvault/ved

- https://github.com/hktalent/TOP

- https://github.com/iridium-soda/container-escape-exploits

- https://github.com/jbmihoub/all-poc

- https://github.com/joydo/CVE-Writeups

- https://github.com/k0mi-tg/CVE-POC

- https://github.com/kdn111/linux-kernel-exploitation

- https://github.com/khaclep007/CVE-2022-0185

- https://github.com/khanhdn111/linux-kernel-exploitation

- https://github.com/khanhdz-06/linux-kernel-exploitation

- https://github.com/khanhdz191/linux-kernel-exploitation

- https://github.com/khanhhdz/linux-kernel-exploitation

- https://github.com/khanhhdz06/linux-kernel-exploitation

- https://github.com/khanhnd123/linux-kernel-exploitation

- https://github.com/khnhdz/linux-kernel-exploitation

- https://github.com/khu-capstone-design/kubernetes-vulnerability-investigation

- https://github.com/knd06/linux-kernel-exploitation

- https://github.com/krol3/kubernetes-security-checklist

- https://github.com/kvesta/vesta

- https://github.com/lafayette96/CVE-Errata-Tool

- https://github.com/ldrx30/LinuxKernelExploits

- https://github.com/lions2012/Penetration_Testing_POC

- https://github.com/lockedbyte/lockedbyte

- https://github.com/manas3c/CVE-POC

- https://github.com/ndk06/linux-kernel-exploitation

- https://github.com/ndk191/linux-kernel-exploitation

- https://github.com/neargle/re0-kubernetes-sec-archive

- https://github.com/nestybox/sysbox

- https://github.com/nestybox/sysbox-ee

- https://github.com/nomi-sec/PoC-in-GitHub

- https://github.com/ocastejon/linux-kernel-learning

- https://github.com/omkmorendha/LSM_Project

- https://github.com/pawan-shivarkar/List-of-CVE-s-

- https://github.com/pawan-shivarkar/pawan-shivarkar

- https://github.com/peng-hui/wip

- https://github.com/shahparkhan/cve-2022-0185

- https://github.com/soosmile/POC

- https://github.com/ssr-111/linux-kernel-exploitation

- https://github.com/trhacknon/Pocingit

- https://github.com/veritas501/CVE-2022-0185-PipeVersion

- https://github.com/veritas501/pipe-primitive

- https://github.com/vlain1337/auto-lpe

- https://github.com/weeka10/-hktalent-TOP

- https://github.com/whoforget/CVE-POC

- https://github.com/wkhnh06/linux-kernel-exploitation

- https://github.com/xairy/linux-kernel-exploitation

- https://github.com/xuetusummer/Penetration_Testing_POC

- https://github.com/youwizard/CVE-POC

- https://github.com/zecool/cve

- https://github.com/zhanpengliu-tencent/medium-cve

- https://github.com/zzcentury/PublicExploitation