CVE-2022-24122

HIGH

Linux kernel <5.16.4 - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-24122. PoCs published by meowmeowxw.

AI-analyzed exploit summary This PoC exploits CVE-2022-24122, a denial-of-service vulnerability in the Linux kernel's shared memory handling. It uses shared memory segments and message queue spraying to trigger a race condition, leading to a system crash.

Description

kernel/ucount.c in the Linux kernel 5.14 through 5.16.4, when unprivileged user namespaces are enabled, allows a use-after-free and privilege escalation because a ucounts object can outlive its namespace.

Exploits (1)

nomisec WORKING POC 13 stars
by meowmeowxw · poc
https://github.com/meowmeowxw/CVE-2022-24122

This PoC exploits CVE-2022-24122, a denial-of-service vulnerability in the Linux kernel's shared memory handling. It uses shared memory segments and message queue spraying to trigger a race condition, leading to a system crash.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Moderate
Reliability
Racy
Target: Linux kernel (specific versions affected by CVE-2022-24122)
No auth needed
Prerequisites: Linux system with vulnerable kernel · Ability to execute unprivileged code
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

Scores

CVSS v3 7.8
EPSS 0.0101
EPSS Percentile 59.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-416
Status published
Products (11)
fedoraproject/fedora 34
fedoraproject/fedora 35
linux/linux_kernel 5.14 - 5.15.19
netapp/h300e_firmware
netapp/h300s_firmware
netapp/h410c_firmware
netapp/h410s_firmware
netapp/h500e_firmware
netapp/h500s_firmware
netapp/h700e_firmware
... and 1 more
Published Jan 29, 2022
Tracked Since Feb 18, 2026