CVE-2022-25265

HIGH

Linux kernel <5.16.10 - Memory Corruption

Title source: llm

Description

In the Linux kernel through 5.16.10, certain binary files may have the exec-all attribute if they were built in approximately 2003 (e.g., with GCC 3.2.2 and Linux kernel 2.4.20). This can cause execution of bytes located in supposedly non-executable regions of a file.

Exploits (1)

nomisec WORKING POC 13 stars

by x0reaxeax · poc

https://github.com/x0reaxeax/exec-prot-bypass

View Code ZIP pw:eip

References (3)

[Exploit, Third Party Advisory] https://github.com/x0reaxeax/exec-prot-bypass

[Patch, Third Party Advisory] https://github.com/torvalds/linux/blob/1c33bb0507508af24fd754dd7123bd8e997fab2f/arch/x86/include/asm/elf.h#L281-L294

[Third Party Advisory] https://security.netapp.com/advisory/ntap-20220318-0005/

Scores

CVSS v3 7.8

EPSS 0.0027

EPSS Percentile 50.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-913

Status published

Products (9)

linux/linux_kernel < 5.16.10

netapp/baseboard_management_controller_firmware

netapp/h300e_firmware

netapp/h300s_firmware

netapp/h410s_firmware

netapp/h500e_firmware

netapp/h500s_firmware

netapp/h700e_firmware

netapp/h700s_firmware

Published Feb 16, 2022

Tracked Since Feb 18, 2026