2022

March 21, 2023 · View on GitHub

CVE-2022-0185

ReferenceCVE-2022-0185
Writeups/ExploitsWill's Root: CVE-2022-0185 - Winning a $31337 Bounty after Pwning Ubuntu and Escaping Google's KCTF Containers
oss-security - CVE-2022-0185: Linux kernel slab out-of-bounds write: exploit and writeup
Hack The Box Blog - CVE-2022-0185: A Case Study
ComponentVirtual Filesystem (fsconfig system call)
Vulnerability TypeInteger underflow lading to a heap out-of-bounds write
ImpactLPE

CVE-2022-0435

ReferenceCVE-2022-0435
Writeups/Exploitsoss-security - CVE-2022-0435: Remote Stack Overflow in Linux Kernel TIPC Module since 4.8 (net/tipc)
CVE-2022-0435: A Remote Stack Overflow in The Linux Kernel
Writing a Linux Kernel Remote in 2022
ComponentTIPC (Transparent Inter-Process Communication)
Vulnerability TypeStack Overflow
ImpactRCE

CVE-2022-0492

ReferenceCVE-2022-0492
Writeups/ExploitsNew Linux Vulnerability CVE-2022-0492 Affecting Cgroups: Can Containers Escape?
Componentcgroups
Vulnerability TypeLogic bug
ImpactContainer escape

CVE-2022-0847 (Dirty Pipe)

ReferenceCVE-2022-0847
Writeups/ExploitsThe Dirty Pipe Vulnerability — The Dirty Pipe Vulnerability documentation
https://haxx.in/files/dirtypipez.c
Making Sense Of The Dirty Pipe Vulnerability (CVE-2022-0847) - RedHunt Labs
The Dirty Pipe Vulnerability: Overview, Detection, and Remediation
DirtyPipe-Android/TECHNICAL-DETAILS.md · polygraphene/DirtyPipe-Android
Exploration of the Dirty Pipe Vulnerability (CVE-2022-0847) :: lolcads tech blog
GitHub - qwert419/linux: CVE-2022-0847
ComponentFilesystem (pipes, splice system call)
Vulnerability TypeUninitialized data
ImpactLPE

CVE-2022-0995

ReferenceCVE-2022-0995
Writeups/ExploitsGitHub - Bonfee/CVE-2022-0995: CVE-2022-0995 exploit
Componentwatch_queue
Vulnerability TypeOut-of-bounds write
ImpactLPE

CVE-2022-1015

ReferenceCVE-2022-1015
Writeups/Exploitsoss-security - Linux kernel: CVE-2022-1015,CVE-2022-1016 in nf_tables cause privilege escalation, information leak
How The Tables Have Turned: An analysis of two new Linux vulnerabilities in nf_tables · David's Blog
GitHub - pqlx/CVE-2022-1015: Local privilege escalation PoC for Linux kernel CVE-2022-1015
ComponentNetfilter
Vulnerability TypeOut-of-bounds write
ImpactLPE

CVE-2022-1016

ReferenceCVE-2022-1016
Writeups/Exploitsoss-security - Linux kernel: CVE-2022-1015,CVE-2022-1016 in nf_tables cause privilege escalation, information leak
How The Tables Have Turned: An analysis of two new Linux vulnerabilities in nf_tables · David's Blog
ComponentNetfilter
Vulnerability TypeUse-after-free
ImpactInformation leak

CVE-2022-1048

ReferenceCVE-2022-1048
Writeups/Exploitsoss-security - Linux Kernel: Race Condition in snd_pcm_hw_free leading to use-after-free
ComponentSound subsystem
Vulnerability TypeRace condition / Use-after-free
Impact

CVE-2022-1729

ReferenceCVE-2022-1729
Writeups/Exploitsoss-sec: CVE-2022-1729: race condition in Linux perf subsystem leads to local privilege escalation
Componentperf subsystem
Vulnerability TypeRace condition
ImpactLPE

CVE-2022-1786

ReferenceCVE-2022-1786
Writeups/ExploitsCVE-2022-1786 - A Journey To The Dawn | kylebot's Blog
ComponentUse-after-free
Vulnerability Typeio_uring
ImpactLPE

CVE-2022-1882

ReferenceCVE-2022-1882
Writeups/ExploitsSSD Advisory – Linux CONFIG_WATCH_QUEUE LPE - SSD Secure Disclosure
Componentwatch_queue
Vulnerability TypeRace condition / use-after-free
ImpactLPE

CVE-2022-1972

ReferenceCVE-2022-1972
Writeups/Exploitsoss-sec: CVE-2022-1972: out-of-bound write in Linux netfilter subsystem leads to local privilege escalation
Yet another bug into Netfilter
ComponentNetfilter
Vulnerability TypeInteger overflow leading to stack out-of-bounds write
ImpactInformation leak, could be escalated to LPE (no exploit though)

CVE-2022-22942

ReferenceCVE-2022-22942
Writeups/Exploitsopensrcsec/same_type_object_reuse_exploits
Canary in the Kernel Mine: Exploiting and Defending Against Same-Type Object Reuse
Componentvmwgfx driver
Vulnerability TypeUse-after-free
ImpactLPE

CVE-2022-2318

ReferenceCVE-2022-2318
Writeups/Exploitsoss-sec: Re: Linux kernel: UAF vulnerabilities in rose protocol
Componentrose driver
Vulnerability TypeUse-after-free
Impact

CVE-2022-24354 (Zenith)

ReferenceCVE-2022-24354
Writeups/Exploits0vercl0k/zenith
Competing in Pwn2Own 2021 Austin: Icarus at the Zenith
ComponentNetUSB driver
Vulnerability TypeInteger overflow leading to heap buffer overflow
ImpactRCE

CVE-2022-25636

ReferenceCVE-2022-25636
Writeups/Exploitshttps://nickgregory.me/linux/security/2022/03/12/cve-2022-25636/
https://www.openwall.com/lists/oss-security/2022/02/21/2
https://github.com/Bonfee/CVE-2022-25636
ComponentNetfilter
Vulnerability TypeHeap out-of-bounds write
ImpactLPE

CVE-2022-2585

ReferenceCVE-2022-2585
Writeups/ExploitsSSD Advisory – Linux CLOCK_THREAD_CPUTIME_ID LPE - SSD Secure Disclosure
oss-sec: Re: CVE-2022-2585 - Linux kernel POSIX CPU timer UAF
ComponentPOSIX CPU Timer
Vulnerability TypeRace condition leading to double free
ImpactLPE

CVE-2022-2586

ReferenceCVE-2022-2586
Writeups/Exploitsoss-sec: Re: CVE-2022-2586 - Linux kernel nf_tables cross-table reference UAF
oss-security - N-day exploit for CVE-2022-2586: Linux kernel nft_object UAF
Exploiting cross table object reference in Linux Netfilter table module
ComponentNetfilter
Vulnerability TypeUse-after-free
ImpactLPE

CVE-2022-2588

ReferenceCVE-2022-2588
Writeups/Exploitsoss-sec: Re: CVE-2022-2588 - Linux kernel cls_route UAF
GitHub - Markakd/CVE-2022-2588: exploit for CVE-2022-2588
ComponentNetwork scheduler
Vulnerability TypeUse-after-free
ImpactLPE

CVE-2022-2590

ReferenceCVE-2022-2590
Writeups/Exploitsoss-sec: CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without write permissions
Componenttmpfs
Vulnerability TypeRace condition
ImpactLPE

CVE-2022-2602

ReferenceCVE-2022-2602
Writeups/Exploits+ZDI-22-1462 - Zero Day Initiative
oss-sec: Re: CVE-2022-2602 - Linux kernel io_uring UAF
CVE-2022-2602: DirtyCred File Exploitation applied on an io_uring UAF – Hacktive Security Blog
DirtyCred Remastered - LukeGix
Componentio_uring
Vulnerability TypeUse-after-free
ImpactLPE

CVE-2022-2639

ReferenceCVE-2022-2639
Writeups/ExploitsGitHub - veritas501/CVE-2022-2639-PipeVersion (Wayback Machine)
Componentopenvswitch module
Vulnerability TypeInteger coercion error leading to out-of-bounds write
ImpactLPE

CVE-2022-27666

ReferenceCVE-2022-27666
Writeups/ExploitsCVE-2022-27666: Exploit esp6 modules in Linux kernel - ETenal
Componentesp6 crypto module
Vulnerability TypeHeap buffer overflow
ImpactLPE

CVE-2022-29582

ReferenceCVE-2022-29582
Writeups/ExploitsCVE-2022-29582 - An io_uring vulnerability
Componentio_uring
Vulnerability TypeUse-After-Free
ImpactLPE

CVE-2022-32550

ReferenceCVE-2022-32550
Writeups/Exploitsoss-security - Linux Kernel use-after-free write in netfilter
SETTLERS OF NETLINK: Exploiting a limited UAF in nf_tables (CVE-2022-32250) – NCC Group Research
2022_hitcon_settlers_of_netlink.pdf
GitHub - 0dayCTF/CVE-2022-32250_PoC: CVE-2022-32250 - Working Proof of Concept & Patch
Linux Kernel Exploit (CVE-2022-32250) with mqueue - Theori
Linux Kernel: Exploiting a Netfilter Use-after-Free in kmalloc-cg - Exodus Intelligence
ComponentNetfilter
Vulnerability TypeUser-After-Free
ImpactLPE

CVE-2022-34918

ReferenceCVE-2022-34918
Writeups/ExploitsNetfilter vulnerability disclosure - Hugues ANGUELKOV
CVE-2022-34918 - A crack in the Linux firewall
GitHub - veritas501/CVE-2022-34918
ComponentNetfilter
Vulnerability TypeType confusion leading to buffer overflow
ImpactLPE

CVE-2022-36123

ReferenceCVE-2022-36123
Writeups/ExploitsCVE-2022-36123 - Sick Codes
ComponentXen
Vulnerability TypeUninitialized data
ImpactDoS/Privilege Escalation

CVE-2022-37706

ReferenceCVE-2022-37706
Writeups/ExploitsGitHub - V4bel/CVE-2022-41218: Vulnerability Details for CVE-2022-41218
ComponentDVB driver
Vulnerability TypeRace condition leading to Use-After-Free
ImpactLPE

CVE-2022-41674

ReferenceCVE-2022-41674
Writeups/Exploitsoss-sec: Re: Various Linux Kernel WLAN security issues (RCE/DOS) found
Componentmac80211 subsystem
Vulnerability TypeHeap buffer overflow
ImpactRemote DoS (potentially RCE)

CVE-2022-42703

ReferenceCVE-2022-42703
Writeups/ExploitsProject Zero: Exploiting CVE-2022-42703 - Bringing back the stack attack
ComponentMemory Management subsystem
Vulnerability TypeUse-After-Free
ImpactLPE

CVE-2022-42719

ReferenceCVE-2022-42719
Writeups/Exploitsoss-sec: Re: Various Linux Kernel WLAN security issues (RCE/DOS) found
Componentmac80211 subsystem
Vulnerability TypeUser-After-Free
ImpactRemote DoS (potentially RCE)

CVE-2022-42720

ReferenceCVE-2022-42720
Writeups/Exploitsoss-sec: Re: Various Linux Kernel WLAN security issues (RCE/DOS) found
Componentmac80211 subsystem
Vulnerability TypeUser-After-Free
ImpactRemote DoS (potentially RCE)

CVE-2022-42721

ReferenceCVE-2022-42721
Writeups/Exploitsoss-sec: Re: Various Linux Kernel WLAN security issues (RCE/DOS) found
Componentmac80211 subsystem
Vulnerability TypeLogic bug
ImpactRemote DoS (potentially RCE)

CVE-2022-42722

ReferenceCVE-2022-42722
Writeups/Exploitsoss-sec: Re: Various Linux Kernel WLAN security issues (RCE/DOS) found
GitHub - jo-m/linux-wifi-ota-crash: Send arbitrary IEEE 802.11 frames with Espressif's ESP32
Componentmac80211 subsystem
Vulnerability TypeUser-After-Free
ImpactRemote DoS (potentially RCE)

CVE-2022-42895

ReferenceCVE-2022-42895
Writeups/ExploitsLinux Kernel: Infoleak in Bluetooth L2CAP Handling · Advisory · google/security-research · GitHub
ComponentBluetooth
Vulnerability TypeLogic bug
ImpactRemote Information Leak

CVE-2022-42896

ReferenceCVE-2022-42896
Writeups/ExploitsLinux Kernel: UAF in Bluetooth L2CAP Handshake · Advisory · google/security-research · GitHub
ComponentBluetooth
Vulnerability TypeUse-After-Free
ImpactRCE and Remote Information Leak

CVE-2022-4543 (EntryBleed)

ReferenceCVE-2022-4543
Writeups/ExploitsWill's Root: EntryBleed: Breaking KASLR under KPTI with Prefetch (CVE-2022-4543)
ComponentKTPI
Vulnerability TypeLogic bug
ImpactInformation Leak