What the vulnerability does

01Description

A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system.

CISA mandated remediation

02CISA Required Action

Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.

Key dates

03Disclosure timeline

February 11, 2022 CVE published
October 21, 2025 Record updated