
Bug 831606 (CVE-2022-0185)

Summary: Heap buffer overflow in legacy_parse_param (local privilege escalation) (CVE-2022-0185)
Product: Gentoo Security
Reporter: Sam James <sam>
Component: Kernel
Assignee: Gentoo Kernel Security <security-kernel>
Status: RESOLVED FIXED    
Severity: normal    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://seclists.org/oss-sec/2022/q1/55
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on: 831615, 831616, 831618    
Bug Blocks:    

Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-01-20 15:59:34 UTC
Description:
"A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system."

https://seclists.org/oss-sec/2022/q1/55
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-01-20 16:31:04 UTC
Fixed versions:
>=5.15.16
>=5.10.93
>=5.4.173

Earlier branches not affected.
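
The following triage script is an added example, not part of the bug report or of Gentoo's tooling. It classifies a kernel release string against the fixed versions listed in Comment 1 and reports whether user namespaces can be created, the precondition the description gives for unprivileged users. The function names, the status words, the `--check` switch and the reading of "earlier branches" as "older than 5.4" are assumptions.

```shell
#!/bin/sh
# Added example, not Gentoo's tooling. Fixed versions come from Comment 1;
# reading "earlier branches" as "older than 5.4" is an assumption, and
# branches the bug does not list are reported as "unlisted", not guessed.
cve_2022_0185_status() {
    ver=${1%%-*}                 # drop suffixes such as -gentoo-r1
    case $ver in
        *.*) ;;
        *) echo unparsed; return 0 ;;
    esac
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=0
    case $rest in
        *.*) patch=${rest#*.}; patch=${patch%%.*} ;;
    esac
    case "$major.$minor.$patch" in
        *[!0-9.]*|.*|*..*|*.) echo unparsed; return 0 ;;
    esac
    if [ "$major" -lt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -lt 4 ]; }; then
        echo not-affected; return 0
    fi
    case "$major.$minor" in
        5.4)  fixed=173 ;;
        5.10) fixed=93 ;;
        5.15) fixed=16 ;;
        *)    echo unlisted; return 0 ;;
    esac
    if [ "$patch" -ge "$fixed" ]; then echo fixed; else echo vulnerable; fi
}

# The description ties unprivileged reach to user namespaces. Assumption:
# only the upstream sysctl user.max_user_namespaces is read; distro-specific
# switches are not. $1 overrides the path so the check can be tested.
userns_state() {
    f=${1:-/proc/sys/user/max_user_namespaces}
    [ -r "$f" ] || { echo unknown; return 0; }
    n=$(cat "$f")
    case $n in
        ''|*[!0-9]*) echo unknown ;;
        0) echo disabled ;;
        *) echo enabled ;;
    esac
}
if [ "${1:-}" = "--check" ]; then
    echo "kernel $(uname -r): $(cve_2022_0185_status "$(uname -r)")"
    echo "user namespaces: $(userns_state)"
fi
```

A version-string comparison cannot see fixes carried as extra patches on top of an older base version, so treat a "vulnerable" or "unlisted" result on a patched tree as a prompt to check the applied patch set.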
Comment 2 Larry the Git Cow gentoo-dev 2022-01-20 18:22:37 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=693263a0b9dc61f1d7d025fe955ea6a925945e3f

commit 693263a0b9dc61f1d7d025fe955ea6a925945e3f
Author:     Mike Pagano <mpagano@gentoo.org>
AuthorDate: 2022-01-20 18:22:27 +0000
Commit:     Mike Pagano <mpagano@gentoo.org>
CommitDate: 2022-01-20 18:22:27 +0000

    sys-kernel/gentoo-sources: Auto-stabilize due to security issue
    
    Bug: https://bugs.gentoo.org/831606
    See: https://wiki.gentoo.org/wiki/Project:Kernel#Kernel_stabilization
    Package-Manager: Portage-3.0.30, Repoman-3.0.3
    Signed-off-by: Mike Pagano <mpagano@gentoo.org>

 sys-kernel/gentoo-sources/Manifest                 | 15 ------------
 .../gentoo-sources/gentoo-sources-5.4.168.ebuild   | 28 ----------------------
 .../gentoo-sources/gentoo-sources-5.4.169.ebuild   | 28 ----------------------
 .../gentoo-sources/gentoo-sources-5.4.170.ebuild   | 28 ----------------------
 .../gentoo-sources/gentoo-sources-5.4.171.ebuild   | 28 ----------------------
 .../gentoo-sources/gentoo-sources-5.4.172.ebuild   | 28 ----------------------
 .../gentoo-sources/gentoo-sources-5.4.173.ebuild   |  2 +-
 7 files changed, 1 insertion(+), 156 deletions(-)
Comment 3 Larry the Git Cow gentoo-dev 2022-01-20 18:24:11 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2d25d4f3a21e942b0d939fef3d0d79d043986ef1

commit 2d25d4f3a21e942b0d939fef3d0d79d043986ef1
Author:     Mike Pagano <mpagano@gentoo.org>
AuthorDate: 2022-01-20 18:24:04 +0000
Commit:     Mike Pagano <mpagano@gentoo.org>
CommitDate: 2022-01-20 18:24:04 +0000

    sys-kernel/gentoo-sources: Auto-stabilize 5.10.93 due to security issue
    
    Bug: https://bugs.gentoo.org/831606
    See: https://wiki.gentoo.org/wiki/Project:Kernel#Kernel_stabilization
    Package-Manager: Portage-3.0.30, Repoman-3.0.3
    Signed-off-by: Mike Pagano <mpagano@gentoo.org>

 sys-kernel/gentoo-sources/Manifest                 | 15 ------------
 .../gentoo-sources/gentoo-sources-5.10.88.ebuild   | 28 ----------------------
 .../gentoo-sources/gentoo-sources-5.10.89.ebuild   | 28 ----------------------
 .../gentoo-sources/gentoo-sources-5.10.90.ebuild   | 28 ----------------------
 .../gentoo-sources/gentoo-sources-5.10.91.ebuild   | 28 ----------------------
 .../gentoo-sources/gentoo-sources-5.10.92.ebuild   | 28 ----------------------
 .../gentoo-sources/gentoo-sources-5.10.93.ebuild   |  2 +-
 7 files changed, 1 insertion(+), 156 deletions(-)
Comment 4 Larry the Git Cow gentoo-dev 2022-01-20 18:26:09 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=67928dc1c2fc3938981081325e97cf1ee459cb9f

commit 67928dc1c2fc3938981081325e97cf1ee459cb9f
Author:     Mike Pagano <mpagano@gentoo.org>
AuthorDate: 2022-01-20 18:26:02 +0000
Commit:     Mike Pagano <mpagano@gentoo.org>
CommitDate: 2022-01-20 18:26:02 +0000

    sys-kernel/gentoo-sources: Auto-stabilize 5.15.16 due to security issue
    
    Bug: https://bugs.gentoo.org/831606
    See: https://wiki.gentoo.org/wiki/Project:Kernel#Kernel_stabilization
    Package-Manager: Portage-3.0.30, Repoman-3.0.3
    Signed-off-by: Mike Pagano <mpagano@gentoo.org>

 sys-kernel/gentoo-sources/Manifest                 | 15 ------------
 .../gentoo-sources/gentoo-sources-5.15.11.ebuild   | 28 ----------------------
 .../gentoo-sources/gentoo-sources-5.15.12.ebuild   | 28 ----------------------
 .../gentoo-sources/gentoo-sources-5.15.13.ebuild   | 28 ----------------------
 .../gentoo-sources/gentoo-sources-5.15.14.ebuild   | 28 ----------------------
 .../gentoo-sources/gentoo-sources-5.15.15.ebuild   | 28 ----------------------
 .../gentoo-sources/gentoo-sources-5.15.16.ebuild   |  2 +-
 7 files changed, 1 insertion(+), 156 deletions(-)
Comment 5 Larry the Git Cow gentoo-dev 2022-01-23 09:13:50 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3f8ccda939720fd542e1c393d0819ee05a52f537

commit 3f8ccda939720fd542e1c393d0819ee05a52f537
Author:     Joonas Niilola <juippis@gentoo.org>
AuthorDate: 2022-01-23 09:11:25 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2022-01-23 09:13:44 +0000

    sys-kernel/pf-sources: add 5.15.{14..16} patches for CAP_SYS_ADMIN
    
    Bug: https://bugs.gentoo.org/831606
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 sys-kernel/pf-sources/Manifest                     |  3 +
 sys-kernel/pf-sources/pf-sources-5.15_p6-r1.ebuild | 82 ++++++++++++++++++++++
 2 files changed, 85 insertions(+)
Comment 6 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-03-26 01:42:00 UTC
Stabled and cleaned up, all done.