• Home
  • |
  • Blog
  • |
  • How to Fix CVE-2022-2959- A Privilege Escalation Vulnerability in Linux Kernel
How to Fix CVE-2022-2959- A Privilege Escalation Vulnerability in Linux Kernel

There is another vulnerability found in Linux Kernel. Selim Enes Karaduman, a security researcher (@Enesdex) who disclosed this vulnerability, says that the flaw being tracked as CVE-2022-2959 allows attackers to perform privilege escalation attacks and even crash the system. Let’s see the Kernel versions affected by the flaw, its impact if exploited, and finally, how to fix CVE-2022-2959- a privilege escalation vulnerability in Linux Kernel.

Summary of CVE-2022-2959

This is a local privilege escalation vulnerability in Linux Kernel that is tracked under CVE ID CVE-2022-2959 and has been assigned the CVSS score of 7.8 out of 10. The flaw stemmed due to improper handling of pipe buffers. This flaw allows a local user (with access to a vulnerable privileged driver) who can execute low-privileged code on the target system to trigger a notification in the watch queue by calling ost_one_notification() and accessing the freed pipe buffer. This would give way for a local, unprivileged user to execute a code as a privileged user.

According to an advisory published by RedHat, “A race condition was found in the Linux kernel’s watch queue due to a missing lock in the pipe_resize_ring(). The race condition occurs when a thread uses ioctl(IOC_WATCH_QUEUE_SET_SIZE) to resize the pipe buffer and free the old pipe buffer, while another thread uses keyctl() to trigger a notification in the watch queue, calling post_one_notification() and accessing the freed pipe buffer.”

– RedHat

The flaw can’t be exploited remotely. The advisory should have local access to the victim machine to exploit the vulnerability.

Associated CVE IDCVE-2022-2959
DescriptionA Privilege Escalation Vulnerability in Linux Kernel
Associated ZDI ID
CVSS Score7.0 Medium
VectorCVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Impact Score
Exploitability Score
Attack Vector (AV)Local
Attack Complexity (AC)High
Privilege Required (PRLow
User Interaction (UI)None
ScopeUnchanged
Confidentiality (C)High
Integrity (I)High
Availability (a)High

Linux Kernel Version Affected by CVE-2022-2959

The flaw affects Kernel v5.18. A popular server-side Linux distribution, RedHat clarified in its security advisory that this vulnerability doesn’t affect Red Hat Enterprise Linux 6, 7, and 8 since they did not include support for a general notification queue such as watch queue.

Please have the advisories published by other popular Linus distributions hare:

  1. RedHat: https://access.redhat.com/security/cve/CVE-2022-2959
  2. SUSU: https://www.suse.com/es-es/security/cve/CVE-2022-2959.html
  3. Debian: https://security-tracker.debian.org/tracker/CVE-2022-2959

How to Fix CVE-2022-2959- A Privilege Escalation Vulnerability in Linux Kernel?

code is published on GitHub public repository, which says, “The occupancy check must be done after the lock is taken, and the lock must be taken after the new ring is allocated.” to overcome this Privilege Escalation Vulnerability in Linux Kernel. However, there are no updates seen available from Kernel moderators to fix the vulnerability. We think that it may take more time to research this vulnerability and release an official patch. Until then, if you want to implement it on your own, you can try it out.

We hope this post will help you know how to fix CVE-2022-2959- a privilege escalation vulnerability in Linux Kernel. Please share this post if you find this interested. Visit our social media page on FacebookLinkedInTwitterTelegramTumblr, & Medium and subscribe to receive updates like this.

About the author

Arun KL

Hi All, I am Arun KL, an IT Security Professional. Founder of “thesecmaster.com”. Enthusiast, Security Blogger, Technical Writer, Editor, Author at TheSecMaster. To know more about me. Follow me on LinkedIn

Leave a Reply

Your email address will not be published. Required fields are marked

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

Learn Something New with Free Email subscription

Email is also one of the ways to be in touch with us. Our free subscription plan offers you to receive post updates straight to your inbox.