CVE-2022-2602

MEDIUM

Linux Kernel < 6.0.19 - Use-After-Free in io_uring Unix SCM Garbage Collection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2022-2602. PoCs published by kiks7, LukeGix, th3-5had0w.

AI-analyzed exploit summary This exploit leverages a Use-After-Free (UAF) vulnerability in the io_uring subsystem (CVE-2022-2602) to achieve local privilege escalation by manipulating file descriptors and triggering a race condition to overwrite /etc/passwd.

Description

io_uring UAF, Unix SCM garbage collection

Exploits (3)

nomisec WORKING POC 86 stars
by kiks7 · poc
https://github.com/kiks7/CVE-2022-2602-Kernel-Exploit

This exploit leverages a Use-After-Free (UAF) vulnerability in the io_uring subsystem (CVE-2022-2602) to achieve local privilege escalation by manipulating file descriptors and triggering a race condition to overwrite /etc/passwd.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Complex
Reliability
Racy
Target: Linux Kernel (io_uring subsystem)
No auth needed
Prerequisites: Linux kernel with vulnerable io_uring implementation · Local access to the system
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 86 stars
by LukeGix · poc
https://github.com/LukeGix/CVE-2022-2602

This repository contains two proof-of-concept exploits for CVE-2022-2602, a Linux kernel vulnerability. The exploits leverage io_uring and either inode locking or userfaultfd techniques to achieve local privilege escalation by manipulating file descriptors and triggering use-after-free conditions.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Complex
Reliability
Racy
Target: Linux Kernel (specific versions affected by CVE-2022-2602)
No auth needed
Prerequisites: Local access to the vulnerable system · Kernel version affected by CVE-2022-2602
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec STUB 1 stars
by th3-5had0w · poc
https://github.com/th3-5had0w/CVE-2022-2602-Study

The provided code is a minimal stub for CVE-2022-2602, demonstrating socket allocation but lacking exploit logic. It does not contain offensive techniques or exploit the vulnerability.

Classification
Stub 80%
Attack Type
Other
Complexity
Trivial
Reliability
Theoretical
Target: Linux kernel (io_uring subsystem)
No auth needed
Prerequisites: Linux kernel with vulnerable io_uring implementation
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (7)

Core 7
Core References
Third Party Advisory third-party-advisory
https://ubuntu.com/security/notices/USN-5692-1
Third Party Advisory third-party-advisory
https://ubuntu.com/security/notices/USN-5752-1
Third Party Advisory third-party-advisory
https://ubuntu.com/security/notices/USN-5693-1
Third Party Advisory third-party-advisory
https://ubuntu.com/security/notices/USN-5691-1
Third Party Advisory third-party-advisory
https://ubuntu.com/security/notices/USN-5700-1

Scores

CVSS v3 5.3
EPSS 0.0127
EPSS Percentile 66.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-416
Status published
Products (5)
canonical/ubuntu_linux 18.04
canonical/ubuntu_linux 20.04
canonical/ubuntu_linux 22.04
canonical/ubuntu_linux 22.10
linux/linux_kernel < 6.0.19
Published Jan 08, 2024
Tracked Since Feb 18, 2026