CVE-2022-0435

HIGH

Linux kernel - Memory Corruption

Title source: llm

Description

A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network.

Exploits (3)

nomisec WORKING POC 1 stars

by Spydomain · poc

https://github.com/Spydomain/CVE-2022-0435-Poc

View Code ZIP pw:eip

nomisec WORKING POC 1 stars

by wlswotmd · poc

https://github.com/wlswotmd/CVE-2022-0435

View Code ZIP pw:eip

nomisec WORKING POC

by sandesh9978 · poc

https://github.com/sandesh9978/CVE-2022-0435

View Code ZIP pw:eip

References (3)

[Issue Tracking, Patch, Third Party Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=2048738

[Third Party Advisory] https://security.netapp.com/advisory/ntap-20220602-0001/

[Exploit, Mailing List, Mitigation, Patch, Third Party Advisory] https://www.openwall.com/lists/oss-security/2022/02/10/1

Scores

CVSS v3 8.8

EPSS 0.5026

EPSS Percentile 97.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-787

Status published

Products (43)

fedoraproject/fedora 34

fedoraproject/fedora 35

linux/linux_kernel 5.17 (4 CPE variants)

linux/linux_kernel 4.8 - 4.9.301

netapp/h300e_firmware

netapp/h300s_firmware

netapp/h410s_firmware

netapp/h500e_firmware

netapp/h500s_firmware

netapp/h700e_firmware

... and 33 more

Published Mar 25, 2022

Tracked Since Feb 18, 2026