OSG-SEC-2022-01-25 CRITICAL heap buffer overflow vulnerability in Linux kernel for RHEL 8 and derivatives
Dear OSG Security Contacts,
A heap buffer overflow has been found in the Linux kernel for RHEL 8 and derivative operating systems. Exploitation of this vulnerability could allow an unprivileged user to elevate privileges on the system .
RHEL 8 systems and derivatives running containers and/or with user namespaces enabled.
WHAT ARE THE VULNERABILITIES:
A heap-based buffer overflow flaw in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length which could be used for privilege escalation.
WHAT YOU SHOULD DO:
Update to a fixed kernel version when available for your distribution. 
On systems not running containers, you can disable user namespaces by setting user.max_user_namespaces to 0 : RHEL 8: echo "user.max_user_namespaces=0" \ > /etc/sysctl.d/userns.conf sysctl -p /etc/sysctl.d/userns.conf
CentOS 8: echo "user.max_user_namespaces = 0" \ > /etc/sysctl.d/90-max_user_namespaces.conf sysctl -p /etc/sysctl.d/90-max_user_namespaces.conf
Please contact the OSG security team at [email protected] if you have any questions or concerns.
OSG Security Team