CVE-2022-2639

HIGH

Openvswitch kernel module - Memory Corruption

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 6 public exploits for CVE-2022-2639. PoCs published by bb33bb, devetop, letsr00t.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2022-2639, a Linux kernel openvswitch local privilege escalation vulnerability. The exploit leverages the pipe-primitive technique to bypass modern kernel protections like KASLR, SMAP, and SMEP, achieving root privileges by overwriting /usr/bin/mount with a SUID shell.

Description

An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system.

Exploits (6)

nomisec WORKING POC 111 stars
by bb33bb · poc
https://github.com/bb33bb/CVE-2022-2639-PipeVersion

This repository contains a functional exploit for CVE-2022-2639, a Linux kernel openvswitch local privilege escalation vulnerability. The exploit leverages the pipe-primitive technique to bypass modern kernel protections like KASLR, SMAP, and SMEP, achieving root privileges by overwriting /usr/bin/mount with a SUID shell.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Complex
Reliability
Reliable
Target: Linux kernel (openvswitch module) versions 3.13 to 5.17
No auth needed
Prerequisites: Local access to a vulnerable Linux system with openvswitch module loaded · Kernel version between 3.13 and 5.17
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC
by devetop · poc
https://github.com/devetop/CVE-2022-2639-PipeVersion

This is a functional local privilege escalation (LPE) exploit for CVE-2022-2639, targeting a heap out-of-bounds write vulnerability in the Linux kernel's openvswitch module. It leverages the pipe-primitive technique to bypass modern mitigations like KASLR, SMAP, and SMEP, achieving root by overwriting /usr/bin/mount with a SUID shell.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Complex
Reliability
Reliable
Target: Linux kernel openvswitch module (versions 3.13 to 5.17)
Auth required
Prerequisites: Local user access · Open vSwitch module loaded · Kernel version between 3.13 and 5.17
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec SCANNER
by EkamSinghWalia · poc
https://github.com/EkamSinghWalia/Detection-and-Mitigation-for-CVE-2022-2639

This repository contains a shell script to detect and mitigate CVE-2022-2639 by checking if the Open vSwitch kernel module is blacklisted and optionally applying the mitigation. It does not exploit the vulnerability but provides a remediation script.

Classification
Scanner 90%
Attack Type
Other
Complexity
Trivial
Reliability
Reliable
Target: Open vSwitch kernel module
Auth required
Prerequisites: Access to the system with sufficient privileges to modify /etc/modprobe.d/blacklist.conf
devstral-2 · analyzed Feb 16, 2026 Full analysis →
inthewild WORKING POC
poc
https://github.com/avboy1337/cve-2022-2639-pipeversion

This repository contains a functional exploit for CVE-2022-2639, a Linux kernel openvswitch local privilege escalation vulnerability. The exploit leverages a pipe primitive to bypass KASLR and other protections, demonstrating a reliable LPE attack.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Complex
Reliability
Reliable
Target: Linux kernel (openvswitch module)
No auth needed
Prerequisites: Linux kernel with openvswitch module loaded · Local user access
devstral-2 · analyzed Feb 23, 2026 Full analysis →
inthewild WORKING POC
poc
https://github.com/0x0000000000-03/cve-2022-2639-pipeversion

This repository contains a functional exploit for CVE-2022-2639, a Linux kernel openvswitch local privilege escalation vulnerability. The exploit leverages a pipe primitive to bypass KASLR and other protections, demonstrating a reliable LPE attack.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Complex
Reliability
Reliable
Target: Linux kernel (openvswitch module) versions 3.13 to 5.17
No auth needed
Prerequisites: Linux kernel with openvswitch module loaded · Local user access
devstral-2 · analyzed Feb 23, 2026 Full analysis →

References (2)

Core 2
Core References
Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=2084479

Scores

CVSS v3 7.8
EPSS 0.0077
EPSS Percentile 50.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-681 CWE-192
Status published
Products (3)
linux/linux_kernel 3.18.139 - 3.19
redhat/enterprise_linux 8.0
redhat/enterprise_linux 9.0
Published Sep 01, 2022
Tracked Since Feb 18, 2026