CVE-2022-0185

Name: CVE-2022-0185
Creator: NVD / NIST
Published: 2022-02-11T18:15:10.89+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 8.4/10Actively ExploitedEPSS 25.15%

Last modified Jun 17, 2026

CVE-2022-0185 is a high-severity vulnerability rated 8.4/10 on the CVSS scale. A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system.. CISA has confirmed active exploitation in the wild. EPSS estimates a 25.15% chance of exploitation in the next 30 days.

Description

A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system.

Metrics

CVSS 3.1

8.4/10

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

25.15%

97.7th percentile

Probability of exploitation in the next 30 days. Learn more

Exploitation Status

This vulnerability is listed in CISA’s Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild. Federal agencies must remediate by Sep 11, 2024.

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Linux	Linux Kernel	>= 5.1, < 5.4.173
Linux	Linux Kernel	>= 5.5, < 5.10.93
Linux	Linux Kernel	>= 5.11, < 5.15.16
Linux	Linux Kernel	>= 5.16, < 5.16.2
Netapp	H410c Firmware	All versions
Netapp	H300s Firmware	All versions
Netapp	H500s Firmware	All versions
Netapp	H700s Firmware	All versions
Netapp	H300e Firmware	All versions
Netapp	H500e Firmware	All versions
Netapp	H700e Firmware	All versions
Netapp	H410s Firmware	All versions

References

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=722d94847de2Mailing List, Patch
https://github.com/Crusaders-of-Rust/CVE-2022-0185Exploit, Third Party Advisory
https://security.netapp.com/advisory/ntap-20220225-0003/Third Party Advisory
https://www.openwall.com/lists/oss-security/2022/01/18/7Mailing List, Patch, Third Party Advisory
https://www.willsroot.io/2022/01/cve-2022-0185.htmlExploit, Third Party Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=722d94847de2Mailing List, Patch
https://github.com/Crusaders-of-Rust/CVE-2022-0185Exploit, Third Party Advisory
https://security.netapp.com/advisory/ntap-20220225-0003/Third Party Advisory
https://www.openwall.com/lists/oss-security/2022/01/18/7Mailing List, Patch, Third Party Advisory
https://www.willsroot.io/2022/01/cve-2022-0185.htmlExploit, Third Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-0185US Government Resource

Timeline

Published: Feb 11, 2022
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2022-0185?

How severe is CVE-2022-0185?

CVE-2022-0185 has a CVSS score of 8.4/10 (HIGH severity). The EPSS model estimates a 25.15% probability of exploitation in the next 30 days. This vulnerability is listed in CISA's Known Exploited Vulnerabilities catalog.

How do I fix CVE-2022-0185?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-0185?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST