OSG-SEC-2022-01-25 CRITICAL heap buffer overflow vulnerability in Linux kernel for RHEL 8 and derivatives

Dear OSG Security Contacts,

A heap buffer overflow has been found in the Linux kernel for RHEL 8 and derivative operating systems. Exploitation of this vulnerability could allow an unprivileged user to elevate privileges on the system [1][2].

IMPACTED VERSIONS:

RHEL 8 systems and derivatives running containers and/or with user namespaces enabled.

WHAT ARE THE VULNERABILITIES:

A heap-based buffer overflow flaw in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length which could be used for privilege escalation.

WHAT YOU SHOULD DO:

Update to a fixed kernel version when available for your distribution. [3][4][5]

MITIGATIONS

On systems not running containers, you can disable user namespaces by setting user.max_user_namespaces to 0 [1]: RHEL 8: echo "user.max_user_namespaces=0" \ > /etc/sysctl.d/userns.conf sysctl -p /etc/sysctl.d/userns.conf

CentOS 8: echo "user.max_user_namespaces = 0" \ > /etc/sysctl.d/90-max_user_namespaces.conf sysctl -p /etc/sysctl.d/90-max_user_namespaces.conf

REFERENCES

[1] https://access.redhat.com/security/cve/CVE-2022-0185

[2] https://sysdig.com/blog/cve-2022-0185-container-escape/

[3] https://access.redhat.com/errata/RHSA-2022:0188

[4] https://security-tracker.debian.org/tracker/CVE-2022-0185

[5] https://ubuntu.com/security/CVE-2022-0185

Please contact the OSG security team at [email protected] if you have any questions or concerns.

OSG Security Team