A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. A local user with CAP_SYS_ADMIN (or unprivileged if user namespaces are enabled) able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system.
Bottlerocket disables user namespaces by default.
A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. A local user with CAP_SYS_ADMIN (or unprivileged if user namespaces are enabled) able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system.
Bottlerocket disables user namespaces by default.