CVE-2022-45934

HIGH

Linux Kernel 2.6.32-4.9.337 - Integer Overflow via L2CAP Configuration Request

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2022-45934. PoCs published by Satheesh575555, Trinadh465.

AI-analyzed exploit summary This repository contains a proof-of-concept exploit for CVE-2022-45934, targeting a vulnerability in the Linux kernel. The provided code includes a utility to interact with kernel interfaces, specifically focusing on taskstats and delay accounting, which may be used to demonstrate the exploit.

Description

An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets.

Exploits (3)

nomisec WORKING POC

by Satheesh575555 · poc

https://github.com/Satheesh575555/linux-4.1.15_CVE-2022-45934

View Code ZIP pw:eip

This repository contains a proof-of-concept exploit for CVE-2022-45934, targeting a vulnerability in the Linux kernel. The provided code includes a utility to interact with kernel interfaces, specifically focusing on taskstats and delay accounting, which may be used to demonstrate the exploit.

Classification

Working Poc 80%

Attack Type

Lpe

Complexity

Moderate

Reliability

Theoretical

Target: Linux kernel 4.1.15

No auth needed

Prerequisites: Access to a vulnerable Linux kernel version · Ability to compile and execute the provided code

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC

by Trinadh465 · poc

https://github.com/Trinadh465/linux-4.1.15_CVE-2022-45934

View Code ZIP pw:eip

This repository contains a proof-of-concept exploit for CVE-2022-45934, targeting a vulnerability in the Linux kernel. The provided code includes a utility to interact with the taskstats interface, which could be leveraged to exploit the vulnerability.

Classification

Working Poc 80%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Linux kernel 4.1.15

No auth needed

Prerequisites: Access to a vulnerable Linux kernel version

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WRITEUP

by Trinadh465 · poc

https://github.com/Trinadh465/linux-4.19.72_CVE-2022-45934

View Code ZIP pw:eip

The repository contains documentation files from a Linux kernel version 4.19.72, including ABI stability guidelines, admin guides, and hardware-specific documentation. No exploit code or proof-of-concept is present in the provided files.

Classification

Writeup 90%

Attack Type

N/a

Complexity

N/a

Reliability

N/a

Target: Linux Kernel 4.19.72

No auth needed

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6

Core References

Mailing List, Patch, Vendor Advisory

https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=ae4569813a6e931258db627cdfe50dfb4f917d5d

Third Party Advisory

https://security.netapp.com/advisory/ntap-20230113-0008/

Mailing List, Third Party Advisory vendor-advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NDAKCGDW6CQ6G3RZWYZJO454R3L5CTQB/

Third Party Advisory vendor-advisory

https://www.debian.org/security/2023/dsa-5324

Third Party Advisory mailing-list

https://lists.debian.org/debian-lts-announce/2023/03/msg00000.html

Mailing List mailing-list

https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html

Scores

CVSS v3 7.8

EPSS 0.0075

EPSS Percentile 50.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-190

Status published

Products (8)

debian/debian_linux 11.0

fedoraproject/fedora 37

linux/linux_kernel 2.6.32 - 4.9.337

netapp/h300s_firmware

netapp/h410c_firmware

netapp/h410s_firmware

netapp/h500s_firmware

netapp/h700s_firmware

Published Nov 27, 2022

Tracked Since Feb 18, 2026