CVE-2022-2639 PoC — Linux kernel 数字错误漏洞

Source

https://github.com/bb33bb/CVE-2022-2639-PipeVersion

Associated Vulnerability

Title:Linux kernel 数字错误漏洞 (CVE-2022-2639)
Description:Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在数字错误漏洞，该漏洞源于在 openvswitch 内核模块中发现整数强制错误。给定足够多的操作，在为新流的新操作复制和保留内存时，reserve_sfa_size() 函数不会按预期返回 -EMSGSIZE，这可能会导致越界写入访问。此漏洞允许本地用户崩溃或可能提升他们在系统上的权限。

Description

CVE-2022-2639 Linux kernel openvswitch local privilege escalation

Readme

# CVE-2022-2639 (using pipe primitive)

[CVE-2022-2639](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2639): Linux kernel openvswitch local privilege escalation.

- introduced in: [e64457191a259537bbbfaebeba9a8043786af96f](https://github.com/torvalds/linux/commit/e64457191a259537bbbfaebeba9a8043786af96f) (v3.13)

- fixed in: [cefa91b2332d7009bc0be5d951d6cbbf349f90f8](https://github.com/torvalds/linux/commit/cefa91b2332d7009bc0be5d951d6cbbf349f90f8) (v5.18)



> Using pipe-primitive to exploit CVE-2022-2639, so no kaslr leak nor smap smep ktpi bypass is needed :)
>
> (Q: What is pipe-primitive? A: https://github.com/veritas501/pipe-primitive)

Chinese writeup: coming soon.

!! **For educational / research purposes only. Use at your own risk.** !!

Tested on 5.13, 5.4, 4.18.

![](assets/success.png)

File Snapshot


 [4.0K]  /data/pocs/4490e2005c163371c9165311c0a550daa4807efa
├── [4.0K]  assets
│   └── [ 44K]  success.png
├── [ 36K]  exploit.c
├── [ 183]  Makefile
├── [ 14K]  poc.c
├── [ 819]  README.md
└── [252K]  sample_config

1 directory, 6 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!