CVE-2022-2639: 
Linux Kernel vulnerability analysis and mitigation

An integer coercion error was discovered in the openvswitch kernel module of the Linux kernel (CVE-2022-2639). The vulnerability was found in the reserve_sfa_size() function, where given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the function fails to return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access (NVD, CVE).

The vulnerability stems from an integer coercion error in the openvswitch kernel module. When next_offset is greater than MAX_ACTIONS_BUFSIZE, the reserve_sfa_size() function incorrectly allocates MAX_ACTIONS_BUFSIZE bytes and increases actions_len by req_size instead of returning an error code. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).

This vulnerability allows a local user to crash the system or potentially escalate their privileges. The flaw can lead to an out-of-bounds write access, particularly when additional actions need to be copied, which could result in system instability or unauthorized privilege elevation (NVD, Red Hat Bugzilla).

The vulnerability has been fixed in the Linux kernel through a patch that rearranges the flow action size check. The fix has been backported to various Linux distributions including Red Hat Enterprise Linux 8 and 9 through security updates. Users are advised to update their systems to the patched versions (Red Hat Bugzilla).