CVE-2022-27666

CWE-787Out-of-bounds WriteCWE-122Heap-based Buffer Overflow14 documents8 sources
Severity
7.8HIGH
EPSS
0.8%
top 26.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Linux Linux KernelDebian Debian LinuxFedoraproject Fedora+2 more
Timeline
PublishedMar 23
Latest updateApr 13

Description

A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

NVDlinux/linux_kernel< 5.17+1
Debianlinux< 5.10.113-1+3

Also affects: Debian Linux 10.0, 11.0, 9.0, Fedora 34, 35, Enterprise Linux 8.0

Patches

Patch: bugzilla.redhat.comPatch: github.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

4
OSV
linux, linux-aws, linux-azure, linux-gcp, linux-hwe-5.13, linux-hwe-5.4, linux-kvm, linux-oracle, linux-oracle-5.4 vulnerabilities2022-03-31
GHSA
GHSA-5h7v-72v6-2r5w: In the Linux kernel before 52022-03-24
OSV
CVE-2022-27666: A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp42022-03-23
CVEList
CVE-2022-27666: A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp42022-03-23

📋Vendor Advisories

9
Ubuntu
Linux kernel (BlueField) vulnerabilities2022-04-13
Ubuntu
Linux kernel vulnerabilities2022-04-06
Ubuntu
Linux kernel vulnerabilities2022-03-31
Ubuntu
Linux kernel vulnerability2022-03-31
Ubuntu
Linux kernel vulnerabilities2022-03-31