CVE-2022-2639

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-2639

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-2639.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-2639

Downstream

DEBIAN-CVE-2022-2639

OESA-2022-1824

OESA-2024-1384

RHSA-2022:7444

RHSA-2022:7683

RHSA-2022:7933

RHSA-2022:8267

RHSA-2022:8765

RHSA-2022:8767

RHSA-2022:8768

RHSA-2022:8809

RHSA-2022:8831

RHSA-2022:8940

RHSA-2022:8941

RHSA-2022:8973

RHSA-2022:8974

RHSA-2022:8989

RHSA-2022:9082

RHSA-2023:0058

RHSA-2023:0059

SUSE-SU-2022:2875-1

SUSE-SU-2022:2875-2

SUSE-SU-2022:2892-1

SUSE-SU-2022:2892-2

SUSE-SU-2022:2910-1

SUSE-SU-2022:3265-1

SUSE-SU-2022:3274-1

SUSE-SU-2022:3282-1

SUSE-SU-2022:3288-1

SUSE-SU-2022:3291-1

SUSE-SU-2022:3293-1

SUSE-SU-2022:3408-1

SUSE-SU-2022:3450-1

SUSE-SU-2022:3609-1

SUSE-SU-2022:4617-1

UBUNTU-CVE-2022-2639

USN-5650-1

Related

Published

2022-09-01T21:15:09Z

Modified

2025-08-09T19:01:26Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reservesfasize() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system.

References

Affected packages