CVE-2022-1011

HIGH

Linux Kernel < 5.17 - Use-After-Free in FUSE Filesystem via write()

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-1011. PoCs published by xkaneiki.

AI-analyzed exploit summary: This repository contains a proof-of-concept exploit for CVE-2022-1011, a vulnerability in the Linux kernel's FUSE (Filesystem in Userspace) implementation. The exploit leverages the asynchronous behavior of splice to retain references to memory pages in the filesystem process after the client's write operation has completed, potentially leading to information disclosure or other impacts.

Description

A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation.

Exploits (1)

nomisec · WORKING POC · 8 stars
by xkaneiki · poc
https://github.com/xkaneiki/CVE-2022-1011

Classification: Working PoC 90%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: Linux kernel (FUSE subsystem)
No auth needed
Prerequisites: Linux system with FUSE support · Ability to mount FUSE filesystems
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 7.8
EPSS 0.0118
EPSS Percentile 63.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-416
Status: published
Products (35)
debian/debian_linux 9.0
debian/debian_linux 10.0
fedoraproject/fedora 34
fedoraproject/fedora 35
linux/linux_kernel 5.17 (6 CPE variants)
linux/linux_kernel < 5.17
netapp/h300e_firmware
netapp/h300s_firmware
netapp/h410c_firmware
netapp/h410s_firmware
... and 25 more
Published Mar 18, 2022
Tracked Since Feb 18, 2026