CVE-2022-0435

HIGH

Linux Kernel >=4.8 <4.9.301 - Stack Overflow in TIPC Protocol


Exploitation Summary

EIP tracks 3 public exploits for CVE-2022-0435. PoCs published by Spydomain, wlswotmd, sandesh9978.


Description

A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network.

Exploits (3)

nomisec WORKING POC 1 stars
by Spydomain · poc
https://github.com/Spydomain/CVE-2022-0435-Poc

This repository contains a functional exploit for CVE-2022-0435, a stack overflow vulnerability in the Linux kernel's TIPC module. The exploit includes KASLR support and demonstrates privilege escalation to root by leveraging crafted TIPC packets and memory corruption techniques.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Complex
Reliability: Reliable
Target: Linux kernel 5.13.0-generic
No auth needed
Prerequisites: Linux kernel 5.13.0-generic · TIPC module loaded · KASLR offset leaked via leak.py
devstral-2 · analyzed Mar 06, 2026

nomisec WORKING POC 1 stars
by wlswotmd · poc
https://github.com/wlswotmd/CVE-2022-0435

This is a local privilege escalation (LPE) PoC for CVE-2022-0435, targeting a vulnerability in the TIPC module of the Linux kernel. The exploit manipulates TIPC protocol messages to achieve privilege escalation, assuming KASLR is disabled.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: Linux Kernel (TIPC module)
No auth needed
Prerequisites: KASLR disabled · TIPC module loaded
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC
by sandesh9978 · poc
https://github.com/sandesh9978/CVE-2022-0435

This repository contains a functional local privilege escalation exploit for CVE-2022-0435, targeting a stack overflow vulnerability in the Linux kernel's TIPC protocol. The exploit includes ROP chain construction, KASLR bypass, and a root shell payload.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Complex
Reliability: Reliable
Target: Linux Kernel 4.8 through 5.17-rc3
No auth needed
Prerequisites: Local access to the target system · TIPC module loaded · Kernel version within affected range
devstral-2 · analyzed Mar 05, 2026

References (3)

Core References
Issue Tracking, Patch, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2048738
Exploit, Mailing List, Mitigation, Patch, Third Party Advisory
https://www.openwall.com/lists/oss-security/2022/02/10/1

Scores

CVSS v3: 8.8
EPSS: 0.6799
EPSS Percentile: 99.2%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-787
Status: published
Products (43)
fedoraproject/fedora 34
fedoraproject/fedora 35
linux/linux_kernel 5.17 (4 CPE variants)
linux/linux_kernel 4.8 - 4.9.301
netapp/h300e_firmware
netapp/h300s_firmware
netapp/h410s_firmware
netapp/h500e_firmware
netapp/h500s_firmware
netapp/h700e_firmware
... and 33 more
Published: Mar 25, 2022
Tracked Since: Feb 18, 2026