
CVE-2022-2639 PoC — Linux kernel numeric error vulnerability

Source
Associated Vulnerability
Title: Linux kernel numeric error vulnerability (CVE-2022-2639)
Description: An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system.
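An added illustration of the integer coercion described above, written as a user-space C model; it is not code from the kernel or from this repository. The function names, the 32 KiB limit and the sample offsets are assumptions made for the example.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Assumed cap on the buffer size; the value is illustrative. */
#define BUF_LIMIT 32768

/*
 * Flawed size check: the offset is a signed int, the request is a size_t.
 * The cast spells out the conversion C applies implicitly when an int is
 * compared with a size_t. Once next_offset has passed BUF_LIMIT the
 * negative difference becomes a huge unsigned value, the comparison is
 * false, and the error is never returned.
 */
static int check_coerced(int next_offset, size_t req_size)
{
    if ((size_t)(BUF_LIMIT - next_offset) < req_size)
        return -EMSGSIZE;
    return 0;
}

/* Hardened check: reject bad offsets first, then compare in one unsigned type. */
static int check_fixed(int next_offset, size_t req_size)
{
    const size_t limit = BUF_LIMIT;

    if (next_offset < 0 || (size_t)next_offset > limit)
        return -EMSGSIZE;
    if (req_size > limit - (size_t)next_offset)
        return -EMSGSIZE;
    return 0;
}

int main(void)
{
    /* Constructed sample inputs: {current offset, requested bytes}. */
    const struct { int off; size_t req; } cases[] = {
        { 1000, 64 }, { 32000, 1024 }, { 33000, 64 },
    };

    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
        printf("offset=%d req=%zu coerced=%d fixed=%d\n",
               cases[i].off, cases[i].req,
               check_coerced(cases[i].off, cases[i].req),
               check_fixed(cases[i].off, cases[i].req));
    return 0;
}
```

The third case is the one that matters: the offset is already past the limit, the coerced check reports success, and only the hardened check returns -EMSGSIZE.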
Description
CVE-2022-2639 Linux kernel openvswitch local privilege escalation
Readme
# CVE-2022-2639 (using pipe primitive)

[CVE-2022-2639](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2639): Linux kernel openvswitch local privilege escalation.

- introduced in: [e64457191a259537bbbfaebeba9a8043786af96f](https://github.com/torvalds/linux/commit/e64457191a259537bbbfaebeba9a8043786af96f) (v3.13)

- fixed in: [cefa91b2332d7009bc0be5d951d6cbbf349f90f8](https://github.com/torvalds/linux/commit/cefa91b2332d7009bc0be5d951d6cbbf349f90f8) (v5.18)



> Using pipe-primitive to exploit CVE-2022-2639, so no kaslr leak nor smap smep kpti bypass is needed :)
>
> (Q: What is pipe-primitive? A: https://github.com/veritas501/pipe-primitive)

Chinese writeup: coming soon.

!! **For educational / research purposes only. Use at your own risk.** !!

Tested on 5.13, 5.4, 4.18.

![](assets/success.png)
File Snapshot

[4.0K] /data/pocs/4490e2005c163371c9165311c0a550daa4807efa
├── [4.0K] assets
│   └── [ 44K] success.png
├── [ 36K] exploit.c
├── [ 183] Makefile
├── [ 14K] poc.c
├── [ 819] README.md
└── [252K] sample_config

1 directory, 6 files