### [CVE-2022-0185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0185)
![](https://img.shields.io/static/v1?label=Product&message=kernel&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%208.4%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Integer%20Overflow%20or%20Wraparound%20CWE-190&color=brighgreen)

### Description

A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the length of the supplied parameters. An unprivileged local user (if unprivileged user namespaces are enabled; otherwise namespaced CAP_SYS_ADMIN privilege is needed) able to open a filesystem that does not support the Filesystem Context API (and thus falls back to legacy handling) could use this flaw to escalate their privileges on the system.

### POC

#### Reference
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=722d94847de2
- https://www.willsroot.io/2022/01/cve-2022-0185.html

#### Github
- https://github.com/0xMarcio/cve
- https://github.com/0xTen/pwn-gym
- https://github.com/20142995/sectool
- https://github.com/ARPSyndicate/cvemon
- https://github.com/CVEDB/PoC-List
- https://github.com/CVEDB/awesome-cve-repo
- https://github.com/CVEDB/top
- https://github.com/Ch4nc3n/PublicExploitation
- https://github.com/Crusaders-of-Rust/CVE-2022-0185
- https://github.com/EGI-Federation/SVG-advisories
- https://github.com/GhostTroops/TOP
- https://github.com/Ha0-Y/LinuxKernelExploits
- https://github.com/Ha0-Y/kernel-exploit-cve
- https://github.com/JERRY123S/all-poc
- https://github.com/JlSakuya/Linux-Privilege-Escalation-Exploits
- https://github.com/Metarget/metarget
- https://github.com/Mr-xn/Penetration_Testing_POC
- https://github.com/NaInSec/CVE-PoC-in-GitHub
- https://github.com/SYRTI/POC_to_review
- https://github.com/Shoeb-K/MANAGE-SECURE-VALIDATE-DEBUG-MONITOR-HARDENING-AND-PREVENT-MISCONFIGURATION-OF-KUBERNETES
- https://github.com/WhooAmii/POC_to_review
- https://github.com/XiaozaYa/CVE-Recording
- https://github.com/a8stract-lab/SeaK
- https://github.com/adavarski/HomeLab-Proxmox-k8s-DevSecOps-playground
- https://github.com/adavarski/HomeLab-k8s-DevSecOps-playground
- https://github.com/arveske/Github-language-trends
- https://github.com/bigpick/cve-reading-list
- https://github.com/binganao/vulns-2022
- https://github.com/bsauce/kernel-exploit-factory
- https://github.com/bsauce/kernel-security-learning
- https://github.com/chenaotian/CVE-2022-0185
- https://github.com/chenaotian/CVE-2022-25636
- https://github.com/cyberanand1337x/bug-bounty-2022
- https://github.com/dcheng69/CVE-2022-0185-Case-Study
- https://github.com/discordianfish/cve-2022-0185-crash-poc
- https://github.com/featherL/CVE-2022-0185-exploit
- https://github.com/felixfu59/kernel-hack
- https://github.com/hac425xxx/heap-exploitation-in-real-world
- https://github.com/hardenedvault/ved
- https://github.com/hktalent/TOP
- https://github.com/iridium-soda/container-escape-exploits
- https://github.com/jbmihoub/all-poc
- https://github.com/joydo/CVE-Writeups
- https://github.com/k0mi-tg/CVE-POC
- https://github.com/kdn111/linux-kernel-exploitation
- https://github.com/khaclep007/CVE-2022-0185
- https://github.com/khanhdn111/linux-kernel-exploitation
- https://github.com/khanhdz-06/linux-kernel-exploitation
- https://github.com/khanhdz191/linux-kernel-exploitation
- https://github.com/khanhhdz/linux-kernel-exploitation
- https://github.com/khanhhdz06/linux-kernel-exploitation
- https://github.com/khanhnd123/linux-kernel-exploitation
- https://github.com/khu-capstone-design/kubernetes-vulnerability-investigation
- https://github.com/knd06/linux-kernel-exploitation
- https://github.com/krol3/kubernetes-security-checklist
- https://github.com/kvesta/vesta
- https://github.com/lafayette96/CVE-Errata-Tool
- https://github.com/lions2012/Penetration_Testing_POC
- https://github.com/lockedbyte/lockedbyte
- https://github.com/manas3c/CVE-POC
- https://github.com/ndk191/linux-kernel-exploitation
- https://github.com/nestybox/sysbox
- https://github.com/nestybox/sysbox-ee
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/ocastejon/linux-kernel-learning
- https://github.com/omkmorendha/LSM_Project
- https://github.com/shahparkhan/cve-2022-0185
- https://github.com/soosmile/POC
- https://github.com/ssr-111/linux-kernel-exploitation
- https://github.com/trhacknon/Pocingit
- https://github.com/veritas501/CVE-2022-0185-PipeVersion
- https://github.com/veritas501/pipe-primitive
- https://github.com/weeka10/-hktalent-TOP
- https://github.com/whoforget/CVE-POC
- https://github.com/xairy/linux-kernel-exploitation
- https://github.com/xuetusummer/Penetration_Testing_POC
- https://github.com/youwizard/CVE-POC
- https://github.com/zecool/cve
- https://github.com/zzcentury/PublicExploitation