{"id":"CVE-2022-2639","details":"An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system.","modified":"2026-03-14T11:39:14.567142Z","published":"2022-09-01T21:15:09.600Z","related":["ALSA-2022:7444","ALSA-2022:7683","ALSA-2022:7933","ALSA-2022:8267","SUSE-SU-2022:2875-1","SUSE-SU-2022:2875-2","SUSE-SU-2022:2892-1","SUSE-SU-2022:2892-2","SUSE-SU-2022:2910-1","SUSE-SU-2022:3265-1","SUSE-SU-2022:3274-1","SUSE-SU-2022:3282-1","SUSE-SU-2022:3288-1","SUSE-SU-2022:3291-1","SUSE-SU-2022:3293-1","SUSE-SU-2022:3408-1","SUSE-SU-2022:3450-1","SUSE-SU-2022:3609-1","SUSE-SU-2022:4617-1"],"references":[{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2084479"},{"type":"FIX","url":"https://github.com/torvalds/linux/commit/cefa91b2332d7009bc0be5d951d6cbbf349f90f8"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"3.18.139"},{"fixed":"3.19"}]},{"events":[{"introduced":"4.4.179"},{"fixed":"4.5"}]},{"events":[{"introduced":"4.9.169"},{"fixed":"4.9.312"}]},{"events":[{"introduced":"4.14.112"},{"fixed":"4.14.277"}]},{"events":[{"introduced":"4.19.35"},{"fixed":"4.19.240"}]},{"events":[{"introduced":"5.0.8"},{"fixed":"5.4.191"}]},{"events":[{"introduced":"5.5"},{"fixed":"5.10.113"}]},{"events":[{"introduced":"5.11"},{"fixed":"5.15.36"}]},{"events":[{"introduced":"5.16"},{"fixed":"5.17.5"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-2639.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}