---
title: "Statement on the recent CVE-2022-0185 vulnerability - Blog - Coder"
description: "This vulnerability affects users of Coder. Coder relies upon third-party components such as Docker, Sysbox, and Podman."
image: "/api/dynamic-og?title=Statement+on+the+recent+CVE-2022-0185+vulnerability+&randomBackground=true&styles=%7B%22height%22%3A162%2C%22width%22%3A302%2C%22padding%22%3A16%2C%22titleSize%22%3A24%2C%22logo%22%3A%7B%22width%22%3A80%2C%22height%22%3A12.15%7D%7D"
canonical: "https://coder.com/blog/statement-on-the-recent-cve-2022-0185-vulnerability"
---

Jan 21 2022, 1 min read

# Statement on the recent CVE-2022-0185 vulnerability

[Cian Johnston](https://coder.com/blog/author/cian), [Jonathan Yu](https://coder.com/blog/author/jawnsy)


Recently, [a vulnerability (CVE-2022-0185) was discovered in the Linux kernel](https://www.openwall.com/lists/oss-security/2022/01/18/7) (versions 5.1 and above). This vulnerability allows a user with **local access** inside a **non-privileged user namespace** to gain **root access** by exploiting an integer underflow to gain the CAP_SYS_ADMIN capability in a new user namespace, which is normally reserved for processes running as the **root** user.

**This vulnerability affects users of Coder.**

In order to exploit this vulnerability, a user must be logged into a Coder workspace.

Coder relies upon third-party components such as Docker, Sysbox, and Podman. These in turn rely heavily upon non-privileged user namespaces for security and isolation. The Nestybox team, for example, has [confirmed](https://github.com/nestybox/sysbox/commit/3a73a4bcdf5dcf1bb2c6357f8ba6a5cdc2c88b11) that this issue affects downstream users.

One accepted mitigation strategy is to disable unprivileged user namespaces.

However, this mitigation strategy may interfere with core system functionality that Coder needs to work. We therefore **cannot recommend** this. We instead recommend that you **update the Linux kernel** on all systems that run Coder workspaces as soon as possible.
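As an added example (not Coder's own tooling), the following shell sketch helps decide which workspace hosts to update first: it checks whether a kernel release falls in the upstream 5.1+ range and whether unprivileged user namespaces are currently enabled. The function names and the `PROC_SYS` override are assumptions of this example; `kernel.unprivileged_userns_clone` exists only on Debian and Ubuntu kernels, and your distribution's bulletin remains the authority on patch status.

```sh
#!/bin/sh
# Added example: triage a workspace host for CVE-2022-0185 exposure.
# PROC_SYS is overridable (an assumption of this sketch) so the logic can be
# exercised against a constructed directory tree instead of the live host.
PROC_SYS="${PROC_SYS:-/proc/sys}"

# Succeeds when a kernel release such as "5.4.0-91-generic" is 5.1 or later,
# the upstream range the advisory names. Distribution kernels backport both
# features and fixes, so this narrows the search; it does not prove patch status.
kernel_in_affected_range() {
    case "$1" in [0-9]*.[0-9]*) ;; *) return 2 ;; esac
    major="${1%%.*}"
    rest="${1#*.}"
    minor="${rest%%[!0-9]*}"
    case "$major" in *[!0-9]*) return 2 ;; esac
    [ -n "$minor" ] || return 2
    [ "$major" -gt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -ge 1 ]; }
}

# Prints "disabled" when either sysctl turns unprivileged user namespaces off,
# otherwise "enabled" (the state Docker, Sysbox and Podman rely on).
userns_state() {
    clone="$PROC_SYS/kernel/unprivileged_userns_clone"   # Debian/Ubuntu only
    max="$PROC_SYS/user/max_user_namespaces"             # mainline sysctl
    if [ -r "$clone" ] && [ "$(cat "$clone")" = "0" ]; then
        echo disabled
    elif [ -r "$max" ] && [ "$(cat "$max")" = "0" ]; then
        echo disabled
    else
        echo enabled
    fi
}

# Combines both checks into one verdict for the given kernel release.
triage() {
    if ! kernel_in_affected_range "$1"; then
        echo "below-upstream-range"
    elif [ "$(userns_state)" = "disabled" ]; then
        echo "in-range-userns-disabled"
    else
        echo "in-range-check-vendor-bulletin"
    fi
}

triage "$(uname -r)"
```

A verdict of `in-range-check-vendor-bulletin` means the host should be compared against the fixed package versions in your distribution's bulletin and updated if it is behind.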

If you have already updated to Coder version 1.27, we also recommend enabling [workspace process logging](https://coder.com/docs/coder/latest/admin/workspace-management/process-logging), which will enable you to monitor any attempts to exploit this vulnerability.

The Ubuntu and Red Hat kernel maintainers have released security bulletins for this issue:

- Ubuntu: [https://ubuntu.com/security/CVE-2022-0185](https://ubuntu.com/security/CVE-2022-0185)
- Red Hat: [https://access.redhat.com/security/cve/CVE-2022-0185](https://access.redhat.com/security/cve/CVE-2022-0185)

If you are using a different Linux distribution to run Coder, please check the security bulletins for your distribution. We recommend that you check these periodically for new information on potential vulnerabilities, and install security patches as soon as they are available.

