CVE-2022-2639

kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size()

Severity Score

7.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system.

Se ha encontrado un error de coerción de enteros en el módulo del kernel openvswitch. Dado un número suficientemente grande de acciones, mientras ses copiado y es reservada memoria para una nueva acción de un nuevo flujo, la función reserve_sfa_size() no devuelve -EMSGSIZE como es esperado, conllevando potencialmente a un acceso de escritura fuera de límites. Este fallo permite a un usuario local bloquearse o potencialmente escalar sus privilegios en el sistema

*Credits: N/A

CVSS Scores

NISTv3.1 7.8

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-08-03 CVE Reserved
2022-09-01 CVE Published
2022-09-05 First Exploit
2023-03-08 EPSS Updated
2024-08-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-192: Integer Coercion Error
CWE-681: Incorrect Conversion between Numeric Types

CAPEC

References (6)

URL	Tag	Source

URL	Date	SRC
https://github.com/bb33bb/CVE-2022-2639-PipeVersion	2022-09-05
https://github.com/letsr00t/-2022-LOCALROOT-CVE-2022-2639	2024-02-05
https://github.com/EkamSinghWalia/Detection-and-Mitigation-for-CVE-2022-2639	2022-10-25
https://github.com/torvalds/linux/commit/cefa91b2332d7009bc0be5d951d6cbbf349f90f8	2024-08-03

URL	Date	SRC
https://bugzilla.redhat.com/show_bug.cgi?id=2084479	2023-01-10

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2022-2639	2023-01-10

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.18.139 < 3.19 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.18.139 < 3.19"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.4.179 < 4.5 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.4.179 < 4.5"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.9.169 < 4.9.312 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.9.169 < 4.9.312"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.14.112 < 4.14.277 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.14.112 < 4.14.277"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.19.35 < 4.19.240 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.19.35 < 4.19.240"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.0.8 < 5.4.191 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.0.8 < 5.4.191"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.5 < 5.10.113 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.5 < 5.10.113"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.11 < 5.15.36 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.11 < 5.15.36"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.16 < 5.17.5 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.16 < 5.17.5"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"				8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"				9.0 Search vendor "Redhat" for product "Enterprise Linux" and version "9.0"		-		Affected