CVE-2022-0185 - Winning a $31337 Bounty after Pwning Ubuntu and Escaping Google's KCTF Containers
ID: d864aec6-3740-530c-a5bf-8586be04b337
STIX ID: report--d864aec6-3740-530c-a5bf-8586be04b337
Feed Name: Will's Root
This report describes a kernel heap overflow (CVE-2022-0185) in legacy_parse_param affecting Linux kernels since 5.1, demonstrates PoCs and full exploits achieving local privilege escalation and container escape (including an exploit used successfully against a hardened kCTF environment), explains the root cause (unsigned integer underflow permitting infinite overflow into a kmalloc-4k slab), and documents mitigation (a simple bounds-check patch) and exploitation techniques (msg_msg manipulation, FUSE-based userland races, ROP to commit creds and switch namespaces).
