CVE-2022-1043

HIGH

io_uring Same Type Object Reuse Priv Esc

Title source: metasploit

Description

A flaw was found in the Linux kernel’s io_uring implementation. This flaw allows an attacker with a local account to corrupt system memory, crash the system or escalate privileges.

Exploits (1)

metasploit WORKING POC GREAT

by h00die, Ryota Shiga, Mathias Krause · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/local/cve_2022_1043_io_uring_priv_esc.rb

View Code ZIP pw:eip

References (5)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/170834/io_uring-Same-Type-Object-Reuse-Privilege-Escalation.html

[Third Party Advisory] https://access.redhat.com/security/cve/CVE-2022-1043

[Issue Tracking, Third Party Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=1997328

[Patch, Third Party Advisory] https://github.com/torvalds/linux/commit/a30f895ad3239f45012e860d4f94c1a388b36d14

[Third Party Advisory, VDB Entry] https://www.zerodayinitiative.com/advisories/ZDI-22-362/

Scores

CVSS v3 8.8

EPSS 0.2280

EPSS Percentile 95.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Details

CWE

CWE-416

Status published

Products (1)

linux/linux_kernel 5.10.51 - 5.10.61

Published Aug 29, 2022

Tracked Since Feb 18, 2026