A heap buffer overflow flaw was found in the IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with normal user privileges to overwrite kernel heap objects and may cause a local privilege escalation threat. Reference: https://github.com/torvalds/linux/commit/ebe48d368e97d007bfeb76fcb065d6cfc4c96645
Upstream commit: https://github.com/torvalds/linux/commit/ebe48d368e97d007bfeb76fcb065d6cfc4c96645
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 2063307]
Created kernel tracking bugs for this issue: Affects: ovirt-4.4 [bug 2065568]
This seems to be a duplicate assignment for https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27666 (assigned by MITRE)
https://www.cve.org/CVERecord?id=CVE-2022-0886 has been rejected now. Can you as well remove the alias to CVE-2022-0886 to avoid confusion (and add CVE-2022-27666)? Thank you!
In reply to comment #16:
> https://www.cve.org/CVERecord?id=CVE-2022-0886 has been rejected now. Can
> you as well remove the alias to CVE-2022-0886 to avoid confusion (and add
> CVE-2022-27666)?
>
> Thank you!

Thanks carnil, modified.
*** Bug 2067299 has been marked as a duplicate of this bug. ***
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2022:4809 https://access.redhat.com/errata/RHSA-2022:4809
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2022:4829 https://access.redhat.com/errata/RHSA-2022:4829
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2022:4835 https://access.redhat.com/errata/RHSA-2022:4835
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2022:4924 https://access.redhat.com/errata/RHSA-2022:4924
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2022:4942 https://access.redhat.com/errata/RHSA-2022:4942
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2022:5214 https://access.redhat.com/errata/RHSA-2022:5214
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:5219 https://access.redhat.com/errata/RHSA-2022:5219
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2022:5224 https://access.redhat.com/errata/RHSA-2022:5224
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2022:5220 https://access.redhat.com/errata/RHSA-2022:5220
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2022:5267 https://access.redhat.com/errata/RHSA-2022:5267
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:5344 https://access.redhat.com/errata/RHSA-2022:5344
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2022:5249 https://access.redhat.com/errata/RHSA-2022:5249
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:5316 https://access.redhat.com/errata/RHSA-2022:5316
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2022:5476 https://access.redhat.com/errata/RHSA-2022:5476
This issue has been addressed in the following products: Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 Via RHSA-2022:5678 https://access.redhat.com/errata/RHSA-2022:5678
*** Bug 2130513 has been marked as a duplicate of this bug. ***
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-27666