CVE-2022-3910

HIGH

Linux Kernel 5.18-5.19.10 - Use-After-Free in io_uring Fixed File Handling

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2022-3910. PoCs published by veritas501, TLD1027.

AI-analyzed exploit summary: This repository contains functional exploit code for CVE-2022-3910, a Linux kernel vulnerability involving use-after-free (UAF) in the io_uring subsystem. The exploits demonstrate privilege escalation via dirty pipe-like techniques, manipulating file descriptors and memory mappings.

Description

Use After Free vulnerability in Linux Kernel allows Privilege Escalation. An improper Update of Reference Count in io_uring leads to Use-After-Free and Local Privilege Escalation. When io_msg_ring was invoked with a fixed file, it called io_fput_file() which improperly decreased its reference count (leading to Use-After-Free and Local Privilege Escalation). Fixed files are permanently registered to the ring, and should not be put separately. We recommend upgrading past commit https://github.com/torvalds/linux/commit/fc7222c3a9f56271fba02aabbfbae999042f1679

Exploits (2)

nomisec WORKING POC 12 stars
by veritas501 · poc
https://github.com/veritas501/CVE-2022-3910

This repository contains functional exploit code for CVE-2022-3910, a Linux kernel vulnerability involving use-after-free (UAF) in the io_uring subsystem. The exploits demonstrate privilege escalation via dirty pipe-like techniques, manipulating file descriptors and memory mappings.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Complex
Reliability: Racy
Target: Linux Kernel (io_uring subsystem)
No auth needed
Prerequisites: Linux kernel with vulnerable io_uring implementation · Local access to the system
devstral-2 · analyzed Feb 19, 2026

nomisec WORKING POC 1 stars
by TLD1027 · poc
https://github.com/TLD1027/CVE-2022-3910

This repository contains functional exploit code for CVE-2022-3910, a Linux kernel vulnerability leveraging DirtyCred and cross-cache techniques for local privilege escalation. The PoC includes detailed memory manipulation and kernel object reuse to achieve arbitrary read/write primitives.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Complex
Reliability: Racy
Target: Linux Kernel (specific versions affected by CVE-2022-3910)
No auth needed
Prerequisites: Linux kernel with vulnerable io_uring subsystem · Local user access · Kernel configuration allowing io_uring
devstral-2 · analyzed Feb 19, 2026

Scores

CVSS v3 7.8
EPSS 0.0101
EPSS Percentile 58.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE CWE-416
Status published
Products (2)
linux/linux_kernel 6.0 rc1 (5 CPE variants)
linux/linux_kernel 5.18 - 5.19.11
Published Nov 22, 2022
Tracked Since Feb 18, 2026