Exploit for Incorrect Conversion between Numeric Types in Linux Linux Kernel CVE-2022-2639

Name: Exploit for Incorrect Conversion between Numeric Types in Linux Linux Kernel CVE-2022-2639
Rating: 5 (613 reviews)

2022-09-05 | CVSS 4.3

## https://sploitus.com/exploit?id=DC3905DC-182D-514C-A689-6B8E9D2771E0
# CVE-2022-2639 (using pipe primitive)

[CVE-2022-2639](https://vulners.com/cve/CVE-2022-2639): Linux kernel openvswitch local privilege escalation.

- introduced in: [e64457191a259537bbbfaebeba9a8043786af96f](https://github.com/torvalds/linux/commit/e64457191a259537bbbfaebeba9a8043786af96f) (v3.13)

- fixed in: [cefa91b2332d7009bc0be5d951d6cbbf349f90f8](https://github.com/torvalds/linux/commit/cefa91b2332d7009bc0be5d951d6cbbf349f90f8) (v5.18)



> Using pipe-primitive to exploit CVE-2022-2639, so no kaslr leak nor smap smep ktpi bypass is needed :)
>
> (Q: What is pipe-primitive? A: https://github.com/veritas501/pipe-primitive)

Chinese writeup: coming soon.

!! **For educational / research purposes only. Use at your own risk.** !!

Tested on 5.13, 5.4, 4.18.

![](assets/success.png)