CVE-2022-23222

HIGH

Linux Kernel 5.8.0-5.15.14 - Local Privilege Escalation via BPF Verifier Pointer Arithmetic

Title source: llm

Exploitation Summary

EIP tracks 4 public exploits for CVE-2022-23222. PoCs published by tr3ee, PenteraIO, FridayOrtiz.

AI-analyzed exploit summary This is a functional local privilege escalation (LPE) exploit for CVE-2022-23222, leveraging a vulnerability in the Linux kernel's eBPF verifier to achieve arbitrary read/write primitives and ultimately escalate privileges to root.

Description

kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local users to gain privileges because of the availability of pointer arithmetic via certain *_OR_NULL pointer types.

Exploits (4)

nomisec WORKING POC 579 stars

by tr3ee · poc

https://github.com/tr3ee/CVE-2022-23222

View Code ZIP pw:eip

This is a functional local privilege escalation (LPE) exploit for CVE-2022-23222, leveraging a vulnerability in the Linux kernel's eBPF verifier to achieve arbitrary read/write primitives and ultimately escalate privileges to root.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Complex

Reliability

Reliable

Target: Linux kernel (specific versions affected by CVE-2022-23222)

No auth needed

Prerequisites: Linux kernel with vulnerable eBPF verifier · Local user access

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1611 - Escape to Host

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC 6 stars

by PenteraIO · poc

https://github.com/PenteraIO/CVE-2022-23222-POC

View Code ZIP pw:eip

This is a functional proof-of-concept exploit for CVE-2022-23222, a local privilege escalation vulnerability in the Linux kernel's eBPF subsystem. The exploit manipulates eBPF maps to achieve arbitrary memory read/write and escalate privileges to root.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Complex

Reliability

Reliable

Target: Linux kernel (tested on Ubuntu 20.04 with kernel 5.13.0-27-generic)

No auth needed

Prerequisites: Linux system with vulnerable kernel · libbpf installed · eBPF enabled

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC 1 stars

by FridayOrtiz · poc

https://github.com/FridayOrtiz/CVE-2022-23222

View Code ZIP pw:eip

This repository contains a working proof-of-concept exploit for CVE-2022-23222, a Linux kernel eBPF verifier vulnerability. The exploit leverages a pointer type mismatch to perform out-of-bounds memory access, leading to a local privilege escalation (LPE).

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Complex

Reliability

Reliable

Target: Linux kernel versions 5.8 to 5.13 (eBPF verifier)

No auth needed

Prerequisites: Linux kernel with vulnerable eBPF verifier (5.8 to 5.13) · Ability to load eBPF programs

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec STUB

by LeoMarche · poc

https://github.com/LeoMarche/ProjetSecu

View Code ZIP pw:eip

The repository contains only a README.md file referencing a report and a Vagrantfile for a PoC, but no actual exploit code or technical details are provided.

Classification

Stub 30%

Attack Type

Other

Complexity

Unknown

Reliability

Theoretical

Target: unknown

No auth needed

devstral-2 · analyzed Feb 16, 2026 Full analysis →