A heap overflow vulnerability in the Linux kernel, CVE-2022-0185, affects essentially every distribution that ships a kernel released since 2019. A patch is available, and users should deploy it as soon as possible.
Heap Overflow Bug In Linux Kernel
The vulnerability, CVE-2022-0185, was disclosed in January 2022 after sitting unnoticed in the kernel for almost three years. It is rated high severity with a CVSS score of 7.8.
The bug was introduced in Linux 5.1-rc1 in 2019, when the new filesystem-context mount API landed, and remained unpatched until the January 2022 disclosure. Any distribution shipping a kernel from 5.1 onward is therefore affected.
The bug was found by security researcher William Liu, who reported it on the oss-security list. It lives in legacy_parse_param() in the filesystem context code (fs/fs_context.c). The filesystem context is the kernel's newer mount API (fsopen(), fsconfig(), fsmount()); legacy_parse_param() is the fallback used for filesystems that have not been converted to it, and it packs the mount options handed over by fsconfig() into a single page-sized buffer while a superblock is being created or reconfigured for mount and remount.
Describing the vulnerability in the disclosure, the researchers wrote:
“There is a heap overflow bug in legacy_parse_param in which the length of data copied can be incremented beyond the width of the 1-page slab allocated for it…
The bug is caused by an integer underflow present in fs/fs_context.c:legacy_parse_param, which results in miscalculation of a valid max length. A bounds check is present at fs_context.c:551, returning an error if (len > PAGE_SIZE - 2 - size); however, if the value of size is greater than or equal to 4095, the unsigned subtraction will underflow to a massive value greater than len, so the check will not trigger. After this, the attacker may freely write data out-of-bounds.”
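To make the underflow concrete, the following is a user-space model of that length check, added here as an illustration; it is neither kernel code nor the researchers' exploit. It assumes a 4096-byte page, a per-call key cap of 255 bytes to mirror the limit fsconfig() places on key strings, and a simplified append that handles only keys (the real function also appends "=value" for string parameters and rejects keys containing commas). The fixed form of the check, size + len + 2 > PAGE_SIZE, is the rearrangement adopted by the upstream fix; the struct, function and constant names are this example's own.

```c
/* User-space model of the legacy_parse_param() length check behind
 * CVE-2022-0185. Illustration only: not kernel code and not the exploit. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MODEL_PAGE_SIZE 4096u  /* size of the one-page slab object legacy_data */
#define MAX_KEY_LEN     255u   /* assumed per-call cap on a key, mirroring fsconfig() */

struct legacy_ctx {
    char   legacy_data[MODEL_PAGE_SIZE];
    size_t data_size;          /* option bytes accumulated so far */
};

/* Pre-fix check. PAGE_SIZE - 2 - size is evaluated unsigned: once
 * size >= PAGE_SIZE - 1 it wraps to SIZE_MAX and nothing is ever rejected. */
static bool reject_vulnerable(size_t size, size_t len)
{
    return len > MODEL_PAGE_SIZE - 2 - size;
}

/* Post-fix check: the same bound, rearranged so the arithmetic cannot wrap. */
static bool reject_fixed(size_t size, size_t len)
{
    return size + len + 2 > MODEL_PAGE_SIZE;
}

enum append_result { APPENDED = 0, REJECTED = -1, OVERFLOWED = 1 };

/* Simplified legacy_parse_param(): append ",key" plus a NUL terminator.
 * Where the real kernel would memcpy past the end of the slab object,
 * this model refuses to write and reports OVERFLOWED instead. */
static enum append_result append_key(struct legacy_ctx *ctx, const char *key,
                                     bool fixed)
{
    size_t size = ctx->data_size;
    size_t len  = strlen(key);

    if (fixed ? reject_fixed(size, len) : reject_vulnerable(size, len))
        return REJECTED;

    if (size + 1 + len + 1 > MODEL_PAGE_SIZE)  /* ',' + key + '\0' must fit */
        return OVERFLOWED;

    ctx->legacy_data[size++] = ',';
    memcpy(ctx->legacy_data + size, key, len);
    size += len;
    ctx->legacy_data[size] = '\0';
    ctx->data_size = size;
    return APPENDED;
}

/* Drive data_size to PAGE_SIZE - 1 (the underflow point) with keys that
 * respect MAX_KEY_LEN, then submit one more key and return its result.
 * If final_size is non-NULL it receives data_size before that last key. */
static enum append_result run_attack(bool fixed, size_t *final_size)
{
    struct legacy_ctx ctx;
    char key[MAX_KEY_LEN + 1];

    memset(&ctx, 0, sizeof ctx);

    while (ctx.data_size < MODEL_PAGE_SIZE - 1) {
        /* Each append costs len + 1 bytes; never step past PAGE_SIZE - 1. */
        size_t room = MODEL_PAGE_SIZE - 1 - ctx.data_size;
        size_t len  = room - 1 < MAX_KEY_LEN ? room - 1 : MAX_KEY_LEN;

        memset(key, 'A', len);
        key[len] = '\0';
        if (append_key(&ctx, key, fixed) != APPENDED)
            break;   /* not reached with either check; defensive */
    }
    if (final_size)
        *final_size = ctx.data_size;

    /* At data_size == 4095 the old check computes 4096 - 2 - 4095 == SIZE_MAX. */
    return append_key(&ctx, "B", fixed);
}

static const char *describe(enum append_result r)
{
    return r == OVERFLOWED ? "accepted, would write out of bounds"
         : r == REJECTED   ? "rejected by the check"
         :                   "appended in bounds";
}

int main(void)
{
    size_t size;
    enum append_result r;

    r = run_attack(false, &size);
    printf("vulnerable check: data_size %zu, last key %s\n", size, describe(r));
    r = run_attack(true, &size);
    printf("fixed check:      data_size %zu, last key %s\n", size, describe(r));
    return 0;
}
```

The fill loop shows why the bug is reachable at all: the old check correctly refuses any key that would push data_size past 4095, but it lets the buffer reach exactly 4095, and from there the subtraction wraps. The fixed check is the same inequality with the terms moved to the other side, which is why it rejects the final key while accepting exactly the same sequence of keys before it.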
The researchers developed a working local privilege escalation exploit against Ubuntu 20.04 and a container escape against Google's hardened Container-Optimized OS (COS).
Because the flaw has been present since 5.1, any distribution shipping an unpatched 5.1 or later kernel is exposed, not only the two targets the exploits were written for.
Users should install the patched kernel their distribution provides. Where patching is not immediately possible, disable unprivileged user namespaces: reaching the bug requires CAP_SYS_ADMIN, since fsopen() is restricted to users who may mount, and an unprivileged user normally obtains that capability by creating a user namespace. On Ubuntu and Debian this is done with sysctl -w kernel.unprivileged_userns_clone=0; on other distributions sysctl -w user.max_user_namespaces=0 has the same effect. Both settings also break legitimate users of user namespaces, such as rootless containers, so treat them as a stopgap until the kernel is updated.
Let us know your thoughts in the comments.