{"vulnerability": "cve-2022-2958", "sightings": [{"uuid": "3e03353e-5a98-48be-b0eb-6278e473a2ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2958", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-01-26)", "content": "", "creation_timestamp": "2025-01-26T00:00:00.000000Z"}, {"uuid": "2a103138-e129-4eb8-8888-740c7e30e811", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2958", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-05-22)", "content": "", "creation_timestamp": "2025-05-22T00:00:00.000000Z"}, {"uuid": "5971f283-6110-4747-b6ce-0f75e4ed82a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2958", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-12-09)", "content": "", "creation_timestamp": "2025-12-09T00:00:00.000000Z"}, {"uuid": "381c8a9b-f8a9-4dc6-aaef-2a67eec72f66", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2958", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-03-07)", "content": "", "creation_timestamp": "2026-03-07T00:00:00.000000Z"}, {"uuid": "74ef4142-cd89-4f5b-aaf8-95f7338db137", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2958", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-02-18)", "content": "", "creation_timestamp": "2026-02-18T00:00:00.000000Z"}, {"uuid": "9eb82c67-6b92-4f37-beda-faadca2a7e50", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2958", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-12-19)", "content": "", "creation_timestamp": "2025-12-19T00:00:00.000000Z"}, {"uuid": "25e62d9d-99d3-4479-8df0-ded0f0e45984", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2958", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-02-06)", "content": "", "creation_timestamp": "2026-02-06T00:00:00.000000Z"}, {"uuid": "6eef416c-45da-4575-8e54-f40b0763866a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2958", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-03-11)", "content": "", "creation_timestamp": "2026-03-11T00:00:00.000000Z"}, {"uuid": "644b2180-7f5d-48e6-86ed-45bc144611ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2958", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-03-31)", "content": "", "creation_timestamp": "2026-03-31T00:00:00.000000Z"}, {"uuid": "a69c52a9-8f48-4f73-87e1-0bf7baf47c08", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29582", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2864", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aExploit for CVE-2022-29582 targeting Google's Kernel CTF\nURL\uff1ahttps://github.com/Noxtal/follina\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-08-07T00:18:15.000000Z"}, {"uuid": "1c68710c-c16f-4700-b87b-2eca7b6d0173", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2958", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-04-25)", "content": "", "creation_timestamp": "2026-04-25T00:00:00.000000Z"}, {"uuid": "d7a0e883-ec62-4d88-bdd5-8fac2acee167", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29582", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2852", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aExploit for CVE-2022-29582 targeting Google's Kernel CTF\nURL\uff1ahttps://github.com/Ruia-ruia/CVE-2022-29582-Exploit\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-08-04T18:45:50.000000Z"}, {"uuid": "89ce4f87-269c-480f-9f1a-8eaff445f049", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29582", "type": "published-proof-of-concept", "source": "https://t.me/hackingbra/15", "content": "CVE-2022-29582, an io_uring vulnerability\n\nA detailed and well-written article by Awarau and David Bouman about exploiting a slab use-after-free vulnerability in the io_uring subsystem.\n\nThe exploit leverages a cross-cache attack and msg_msg spraying to overwrite a tls_context object and execute a ROP chain to gain root.", "creation_timestamp": "2022-08-11T16:26:16.000000Z"}, {"uuid": "0bfaf087-da34-4577-987f-f977ff0437da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29581", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12663", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-29581\n\ud83d\udd25 CVSS Score: 7.8 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions.\n\ud83d\udccf Published: 2022-05-17T16:50:12.000Z\n\ud83d\udccf Modified: 2025-04-21T13:53:27.216Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3db09e762dc79584a69c10d74a6b98f89a9979f8\n2. https://kernel.dance/#3db09e762dc79584a69c10d74a6b98f89a9979f8\n3. http://www.openwall.com/lists/oss-security/2022/05/18/2\n4. http://packetstormsecurity.com/files/167386/Kernel-Live-Patch-Security-Notice-LSN-0086-1.html\n5. https://security.netapp.com/advisory/ntap-20220629-0005/\n6. https://www.debian.org/security/2022/dsa-5173\n7. http://packetstormsecurity.com/files/168191/Kernel-Live-Patch-Security-Notice-LSN-0089-1.html", "creation_timestamp": "2025-04-21T14:02:23.000000Z"}, {"uuid": "3f98fbd2-c40d-490b-a1bf-fb722ee8e06f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29580", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12470", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-29580\n\ud83d\udd25 CVSS Score: 8.9 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L)\n\ud83d\udd39 Description: There exists a path traversal vulnerability in the Android Google Search app. This is caused by the incorrect usage of uri.getLastPathSegment. A symbolic encoded string can bypass the path logic to get access to unintended directories. An attacker can manipulate paths that could lead to code execution on the device. We recommend upgrading beyond version 13.41\n\ud83d\udccf Published: 2022-12-13T14:31:41.752Z\n\ud83d\udccf Modified: 2025-04-18T15:49:38.365Z\n\ud83d\udd17 References:\n1. https://support.google.com/faqs/answer/7496913?hl=en", "creation_timestamp": "2025-04-18T15:58:52.000000Z"}, {"uuid": "c8f2d8c0-5142-4e4e-b8f9-31b04a3336c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29582", "type": "published-proof-of-concept", "source": "https://t.me/linkersec/181", "content": "CVE-2022-29582, an io_uring vulnerability\n\nA detailed and well-written article by Awarau and David Bouman about exploiting a slab use-after-free vulnerability in the io_uring subsystem.\n\nThe exploit leverages a cross-cache attack and msg_msg spraying to overwrite a tls_context object and execute a ROP chain to gain root.", "creation_timestamp": "2022-08-11T15:36:32.000000Z"}, {"uuid": "a4cc875c-036d-4608-8f2b-ea21bb54cbc9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29585", "type": "seen", "source": "https://t.me/cibsecurity/41598", "content": "\u203c CVE-2022-29585 \u203c\n\nIn Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0, a site using Isolated Institutions is vulnerable if more than ten groups are used. They are all shown from page 2 of the group results list (rather than only being shown for the institution that the viewer is a member of).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-28T20:24:33.000000Z"}, {"uuid": "5a5aceb1-e870-4d98-88f6-69ff405966d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29581", "type": "seen", "source": "https://t.me/cibsecurity/42841", "content": "\u203c CVE-2022-29581 \u203c\n\nImproper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-17T20:27:54.000000Z"}, {"uuid": "65bda6d2-b1e0-494c-9d22-2967154bc373", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29584", "type": "seen", "source": "https://t.me/cibsecurity/41588", "content": "\u203c CVE-2022-29584 \u203c\n\nMahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 allows stored XSS when a particular Cascading Style Sheets (CSS) class for embedly is used, and JavaScript code is constructed to perform an action.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-28T20:24:20.000000Z"}, {"uuid": "c728f530-3970-4a9a-8f65-04f9e9b57a28", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29582", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/6816", "content": "#exploit\n1. CVE-2022-29582:\nAn io_uring vulnerability\nhttps://ruia-ruia.github.io/2022/08/05/CVE-2022-29582-io-uring\n\n2. CVE-2022-29021, CVE-2022-29022, CVE-2022-29023:\nBuffer overflow in the\u00a0OpenRazer\u00a0open-source kernel drivers\nhttps://www.cyberark.com/resources/threat-research-blog/colorful-vulnerabilities", "creation_timestamp": "2022-09-17T13:27:13.000000Z"}, {"uuid": "0abf0701-7021-43a0-88b9-687cd090dd36", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29589", "type": "seen", "source": "https://t.me/cibsecurity/41338", "content": "\u203c CVE-2022-29589 \u203c\n\nCrypt Server before 3.3.0 allows XSS in the index view. This is related to serial, computername, and username.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-22T20:50:42.000000Z"}, {"uuid": "c75a220f-fe0b-4b11-bf65-1a338b3c9c9a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29583", "type": "seen", "source": "https://t.me/cibsecurity/41337", "content": "\u203c CVE-2022-29583 \u203c\n\nservice_windows.go in the kardianos service package for Go omits quoting that is sometimes needed for execution of a Windows service executable from the intended directory.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-22T20:28:10.000000Z"}, {"uuid": "f231db4c-1659-4890-8a5e-507fe5ec85e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29582", "type": "seen", "source": "https://t.me/cibsecurity/41336", "content": "\u203c CVE-2022-29582 \u203c\n\nIn the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free due to a race condition in io_uring timeouts. This can be triggered by a local user who has no access to any user namespace; however, the race condition perhaps can only be exploited infrequently.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-22T20:28:06.000000Z"}]}