CVE-2022-25265

HIGH

Linux kernel <5.16.10 - Memory Corruption

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-25265. PoCs published by x0reaxeax.

AI-analyzed exploit summary This PoC demonstrates a bypass of executable-space protection (NX) by exploiting the absence of the PT_GNU_STACK header in binaries compiled with older tools, allowing execution of code in non-executable memory regions. It copies opcodes from a dummy function into a buffer and executes them, proving RWX access.

Description

In the Linux kernel through 5.16.10, certain binary files may have the exec-all attribute if they were built in approximately 2003 (e.g., with GCC 3.2.2 and Linux kernel 2.4.20). This can cause execution of bytes located in supposedly non-executable regions of a file.

Exploits (1)

nomisec WORKING POC 13 stars

by x0reaxeax · poc

https://github.com/x0reaxeax/exec-prot-bypass

View Code ZIP pw:eip

This PoC demonstrates a bypass of executable-space protection (NX) by exploiting the absence of the PT_GNU_STACK header in binaries compiled with older tools, allowing execution of code in non-executable memory regions. It copies opcodes from a dummy function into a buffer and executes them, proving RWX access.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Linux kernel (x86) with executables lacking PT_GNU_STACK header

No auth needed

Prerequisites: Binary compiled with older tools (e.g., gcc 3.2.2) lacking PT_GNU_STACK header · x86 architecture · Linux kernel (tested on 5.16.1)

MITRE ATT&CK

T1211 - Exploitation for Defense Evasion T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit, Third Party Advisory x_refsource_misc

https://github.com/x0reaxeax/exec-prot-bypass

Patch, Third Party Advisory x_refsource_misc

https://github.com/torvalds/linux/blob/1c33bb0507508af24fd754dd7123bd8e997fab2f/arch/x86/include/asm/elf.h#L281-L294

View Patch ZIP pw:eip

Third Party Advisory x_refsource_confirm

https://security.netapp.com/advisory/ntap-20220318-0005/

Scores

CVSS v3 7.8

EPSS 0.0106

EPSS Percentile 60.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-913

Status published

Products (9)

linux/linux_kernel < 5.16.10

netapp/baseboard_management_controller_firmware

netapp/h300e_firmware

netapp/h300s_firmware

netapp/h410s_firmware

netapp/h500e_firmware

netapp/h500s_firmware

netapp/h700e_firmware

netapp/h700s_firmware

Published Feb 16, 2022

Tracked Since Feb 18, 2026