CVE-2022-29582

HIGH

Linux Kernel < 5.17.3 - Use-After-Free via io_uring Timeout Race Condition

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-29582. PoCs published by Ruia-ruia.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2022-29582, a local privilege escalation vulnerability in the Linux kernel's io_uring subsystem. The exploit leverages a use-after-free (UAF) condition to achieve privilege escalation, with detailed phases for memory manipulation and ROP chain execution.

Description

In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free due to a race condition in io_uring timeouts. This can be triggered by a local user who has no access to any user namespace; however, the race condition perhaps can only be exploited infrequently.

Exploits (1)

nomisec WORKING POC 77 stars
by Ruia-ruia · poc
https://github.com/Ruia-ruia/CVE-2022-29582-Exploit

This repository contains a functional exploit for CVE-2022-29582, a local privilege escalation vulnerability in the Linux kernel's io_uring subsystem. The exploit leverages a use-after-free (UAF) condition to achieve privilege escalation, with detailed phases for memory manipulation and ROP chain execution.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Complex
Reliability
Reliable
Target: Linux kernel io_uring subsystem (versions affected include 5.10.90)
No auth needed
Prerequisites: Linux kernel with vulnerable io_uring implementation · Local access to the target system
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

Scores

CVSS v3 7.0
EPSS 0.0077
EPSS Percentile 51.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-362
Status published
Products (2)
debian/debian_linux 11.0
linux/linux_kernel < 5.17.3
Published Apr 22, 2022
Tracked Since Feb 18, 2026