What is CVE-2022-2639?

CVE-2022-2639 is a vulnerability in Kernel, classified under CWE-192. Published 2022-09-01.

Is CVE-2022-2639 known to be exploited?

39 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Kernel

CVE-2022-2639

An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZ…

EPSS: 0.010 (77.4th percentile) — read the EPSS interpretation.

Affected products

N/a Kernel — versions kernel 5.18

Weakness classification (CWE)

CWE-192

Public proof-of-concept exploits

bb33bb/CVE-2022-2639-PipeVersion
devetop/CVE-2022-2639-PipeVersion
letsr00t/-2022-LOCALROOT-CVE-2022-2639
EkamSinghWalia/Detection-and-Mitigation-for-CVE-2022-2639
HaxorSecInfec/autoroot.sh
J1ezds/Vulnerability-Wiki-page
JlSakuya/Linux-Privilege-Escalation-Exploits
KayCHENvip/vulnerability-poc
Miraitowa70/POC-Notes
Mr-xn/Penetration_

References

bugzilla.redhat.com/show_bug.cgi (x_refsource_MISC)
github.com/torvalds/linux/commit/cefa91b2332d7009bc0be5d951d6cbbf349f90f8 (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-2639?: CVE-2022-2639 is a vulnerability in Kernel, classified under CWE-192. Published 2022-09-01.
Is CVE-2022-2639 known to be exploited?: 39 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.