CVE-2022-42703

MEDIUM

Linux Kernel < 5.19.7 - Use-After-Free in anon_vma Reuse

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2022-42703. PoCs published by Squirre17, Satheesh575555.

AI-analyzed exploit summary This is a working proof-of-concept exploit for CVE-2022-42703, demonstrating a local privilege escalation (LPE) attack via hardware breakpoints and kernel stack manipulation. The exploit leverages arbitrary address write primitives and hardware breakpoints to bypass KASLR and canary protections, ultimately achieving root privileges.

Description

mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.

Exploits (2)

nomisec WORKING POC 4 stars
by Squirre17 · poc
https://github.com/Squirre17/hbp-attack-demo

This is a working proof-of-concept exploit for CVE-2022-42703, demonstrating a local privilege escalation (LPE) attack via hardware breakpoints and kernel stack manipulation. The exploit leverages arbitrary address write primitives and hardware breakpoints to bypass KASLR and canary protections, ultimately achieving root privileges.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Complex
Reliability
Reliable
Target: Linux Kernel 5.15.103
No auth needed
Prerequisites: Kernel with KASLR enabled · Access to /dev/vuln or similar vulnerable module · Hardware breakpoint support
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC
by Satheesh575555 · poc
https://github.com/Satheesh575555/linux-4.1.15_CVE-2022-42703

This repository contains a proof-of-concept exploit for CVE-2022-42703, targeting a vulnerability in the Linux kernel. The provided code includes a utility to interact with the taskstats interface, which could be used to demonstrate the vulnerability.

Classification
Working Poc 90%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Linux kernel 4.1.15
No auth needed
Prerequisites: Access to a vulnerable Linux kernel version
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Scores

CVSS v3 5.5
EPSS 0.0097
EPSS Percentile 57.3%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-416
Status published
Products (1)
linux/linux_kernel < 5.19.7
Published Oct 09, 2022
Tracked Since Feb 18, 2026