CVE-2022-0185

Overview

CVE-2022-0185 is a heap-based buffer overflow vulnerability in the Linux kernel's Filesystem Context API, specifically in the legacy_parse_param function. An integer underflow in the bounds check allows the kernel's fsconfig() syscall to write past the end of a 4 KiB heap allocation, corrupting adjacent kernel memory. Crucially, the fsconfig() syscall requires only CAP_SYS_ADMIN — a capability that any unprivileged user can acquire within a newly created user namespace — making this a zero-privilege local privilege escalation on any kernel where user namespaces are enabled.

Discovered by the Crusaders of Rust CTF team via syzkaller fuzzing in January 2022, the vulnerability earned a $31,337 bug bounty from Google's kCTF Vulnerability Rewards Program and was demonstrated both as a full Ubuntu privilege escalation and as a container escape from Google's hardened kCTF environment. It is particularly significant for Kubernetes deployments, where seccomp is disabled by default, leaving the unshare syscall — the prerequisite for gaining namespace-scoped CAP_SYS_ADMIN — freely accessible to all container workloads.

What Is the Linux Kernel?

The Linux kernel is the foundational software layer between hardware and user-space programs, running in every major Linux distribution, cloud instance, and container runtime. The Filesystem Context API (introduced in Linux 5.1) provides a mechanism for userspace to configure and mount filesystems via syscalls including fsopen(), fsconfig(), and fsmount(). A privilege escalation flaw in this subsystem allows any local process to corrupt kernel memory and obtain root access.

Affected Versions

The vulnerable legacy_parse_param code was introduced with the Filesystem Context API in Linux 5.1-rc1 (March 2019). Kernels prior to 5.1 are not affected.

Affected distributions (at time of coordinated disclosure, January 18, 2022): Ubuntu 20.04 LTS (HWE kernels), Ubuntu 21.10, Debian 11, Amazon Linux 2, Google Container-Optimized OS (GKE), Azure AKS. Debian Buster and Stretch were not affected (kernel predates 5.1).

Technical Details

Root Cause: Integer Underflow in legacy_parse_param

Linux 5.1 introduced a new Filesystem Context API to modernize how filesystems are mounted. Filesystems not yet converted to the new API fall back to legacy_parse_param() in fs/fs_context.c, which accumulates KEY=VALUE parameter strings passed via fsconfig() into a heap-allocated 4 KiB buffer.

The bounds check in legacy_parse_param was:

if (len > PAGE_SIZE - 2 - size)
    return invalf(fc, "VFS: Legacy: parameter too large");

Where size is an unsigned integer tracking how much of the 4 KiB buffer has been filled. When size reaches 4094 bytes (after approximately 117 iterations of appending 35-byte key=value strings), the expression PAGE_SIZE - 2 - size evaluates to 4096 - 2 - 4094 = 0. One byte further and it wraps: 4096 - 2 - 4095 = -1, which in unsigned arithmetic becomes 0xFFFFFFFFFFFFFFFF. The check is now permanently bypassed — any len value satisfies len > 0xFFFFFFFFFFFFFFFF as false, and all subsequent fsconfig() calls append data past the end of the 4 KiB allocation.

The fix (commit 722d94847de2) reorders the arithmetic to avoid underflow:

if (size + len + 2 > PAGE_SIZE)   // addition cannot underflow; always safe

Why User Namespaces Are the Attack Vector

fsconfig() requires CAP_SYS_ADMIN. Ordinarily this blocks unprivileged users. However, any user can create a new user namespace via:

unshare(CLONE_NEWNS | CLONE_NEWUSER);

Within a user namespace, the calling process holds a full set of capabilities — including CAP_SYS_ADMIN — scoped to that namespace. The fsconfig() call proceeds, triggering the overflow. The kernel writes into global kernel memory, not namespace-scoped memory, so the overflow corrupts kernel state with host-level impact.

This is why user.max_user_namespaces = 0 is an effective mitigation: without the ability to create a user namespace, an unprivileged process cannot acquire CAP_SYS_ADMIN, and the fsconfig() syscall is blocked before it reaches the vulnerable code.

Exploitation: Step by Step

1. Gain namespace-scoped CAP_SYS_ADMIN via unshare(CLONE_NEWNS | CLONE_NEWUSER).
2. Open a legacy filesystem context via fsopen("ext4", 0), allocating the 4 KiB accumulation buffer in the kmalloc-4k slab.
3. Trigger the integer underflow and overflow by calling fsconfig() ~118 times with 35-byte key=value strings, driving size past 4094 and bypassing the bounds check.
4. Spray msg_msg objects into the kmalloc-4k slab. The overflow corrupts the m_ts (message size) field of an adjacent msg_msg, enabling an out-of-bounds kernel read via msgrcv(MSG_COPY) to leak kernel pointers and defeat KASLR.
5. Obtain an arbitrary write primitive via one of two paths:
   • Ubuntu (FUSE) path: Use a FUSE filesystem to pause a usercopy operation and redirect the kernel write to a controlled address.
   • kCTF (hardened) path: Cross-cache overflow into pipe_buffer objects, overwrite pipe_buffer->ops pointer, execute a kernel ROP chain to call commit_creds(prepare_kernel_cred(NULL)).
6. Escalate privileges:
   • Ubuntu: Overwrite modprobe_path kernel variable to execute a root script when a misformatted binary is run.
   • kCTF: After gaining kernel root, call setns() to enter the host mount namespace and escape the container.

Attack Characteristics

Discovery

chop0 (Crusaders of Rust CTF team) discovered the bug via syzkaller fuzzing on January 6, 2022. The full exploit was developed collaboratively by the Crusaders of Rust team — will, chop0, clubby789, Day91, ryaagard, and ginkoid — who demonstrated both a full Ubuntu LPE and a container escape from Google's hardened kCTF environment. The research was submitted to Google's kCTF Vulnerability Rewards Program. A parallel independent discovery by n0psledbyte of StarLabs resulted in a reduced bounty award of $31,337 (from a possible $50,337). Coordinated disclosure to the oss-security mailing list and simultaneous kernel patch release occurred on January 18, 2022.

Exploitation Context

• PoC published: January 25, 2022 — one week after coordinated disclosure
• kCTF container escape: The exploit demonstrated a full breakout from Google's hardened kCTF container environment — a high bar that validates real-world container escape capability
• Kubernetes impact: Default Kubernetes configurations do not apply seccomp, leaving the unshare syscall available to all container workloads; any Kubernetes node running an affected kernel was exploitable from within any pod
• CISA KEV added: August 21, 2024 — over two years after disclosure, confirming active exploitation against federal systems continued well past the initial patch window

Remediation

Immediate Mitigation: Disable User Namespaces

If user namespaces are not required by your workload, disable them to eliminate the attack path:

sysctl -w user.max_user_namespaces=0
echo "user.max_user_namespaces = 0" >> /etc/sysctl.d/99-hardening.conf

Note that this will break rootless containers (Podman, Docker rootless mode) and any workload that relies on user namespace creation. Evaluate against your deployment before applying. On Ubuntu, an equivalent control is kernel.unprivileged_userns_clone = 0.

Recommended Actions

1. Apply your distribution's patched kernel — fixed in Linux 5.16.2, 5.15.16, 5.10.93, 5.4.173. Verify with uname -r.

2. Apply distribution errata:

   • Ubuntu: USN-5240-1
   • RHEL 8 / 9: apply available kernel security errata

3. Disable user namespaces as above if not needed — this is the most impactful interim mitigation and eliminates the zero-privilege escalation path entirely.

4. Kubernetes / container environments: Apply the seccomp RuntimeDefault profile to all workload pods, which blocks unshare from within containers. This is not the default in Kubernetes and must be set explicitly via pod security context or admission policy.

5. Harden the kernel baseline: The user-namespace-based escalation path has been used repeatedly across many Linux kernel CVEs. Disabling user namespaces and applying the full KSPP baseline — including user.max_user_namespaces = 0, kernel.unprivileged_bpf_disabled = 1, and vm.unprivileged_userfaultfd = 0 — systematically reduces the attack surface available to local privilege escalation chains.