Bug 2061633 (CVE-2022-27666) - CVE-2022-27666 kernel: buffer overflow in IPsec ESP transformation code
Summary: CVE-2022-27666 kernel: buffer overflow in IPsec ESP transformation code
Keywords:
Status: NEW
Alias: CVE-2022-27666
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
: 2067299 (view as bug list)
Depends On: 2062115 2062192 2066924 2082951 2082953 2062108 2062109 2062110 2062111 2062112 2062113 2062114 2062116 2062118 2062119 2062120 2062121 2062122 2062123 2062124 2062125 2063307 2065568 2082950 2082952 2087136 2087138
Blocks: 2060835 2061739 2067302
TreeView+ depends on / blocked
 
Reported: 2022-03-08 05:31 UTC by Rohit Keshri
Modified: 2022-07-01 00:25 UTC (History)
67 users (show)

Fixed In Version: kernel 5.17 rc8
Doc Type: If docs needed, set a value
Doc Text:
A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat.
Clone Of:
Environment:
Last Closed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2022:5457 0 None None None 2022-06-30 17:42:27 UTC
Red Hat Product Errata RHSA-2022:4809 0 None None None 2022-05-31 09:10:36 UTC
Red Hat Product Errata RHSA-2022:4829 0 None None None 2022-05-31 12:22:38 UTC
Red Hat Product Errata RHSA-2022:4835 0 None None None 2022-05-31 12:24:26 UTC
Red Hat Product Errata RHSA-2022:4924 0 None None None 2022-06-07 08:21:40 UTC
Red Hat Product Errata RHSA-2022:4942 0 None None None 2022-06-08 08:40:57 UTC
Red Hat Product Errata RHSA-2022:5214 0 None None None 2022-06-28 06:55:30 UTC
Red Hat Product Errata RHSA-2022:5219 0 None None None 2022-06-28 07:28:56 UTC
Red Hat Product Errata RHSA-2022:5220 0 None None None 2022-06-28 07:55:23 UTC
Red Hat Product Errata RHSA-2022:5224 0 None None None 2022-06-28 07:54:08 UTC
Red Hat Product Errata RHSA-2022:5249 0 None None None 2022-06-28 14:59:26 UTC
Red Hat Product Errata RHSA-2022:5267 0 None None None 2022-06-28 10:43:15 UTC
Red Hat Product Errata RHSA-2022:5316 0 None None None 2022-06-28 18:31:58 UTC
Red Hat Product Errata RHSA-2022:5344 0 None None None 2022-06-28 12:25:58 UTC
Red Hat Product Errata RHSA-2022:5476 0 None None None 2022-07-01 00:25:40 UTC

Description Rohit Keshri 2022-03-08 05:31:54 UTC
A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat.

Reference:
https://github.com/torvalds/linux/commit/ebe48d368e97d007bfeb76fcb065d6cfc4c96645

Comment 7 Mauro Matteo Cascella 2022-03-11 17:22:47 UTC
Upstream commit:
https://github.com/torvalds/linux/commit/ebe48d368e97d007bfeb76fcb065d6cfc4c96645

Comment 8 Rohit Keshri 2022-03-11 18:20:10 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2063307]

Comment 10 Sandro Bonazzola 2022-03-18 08:45:27 UTC
Created kernel tracking bugs for this issue:

Affects: ovirt-4.4 [bug 2065568]

Comment 15 Salvatore Bonaccorso 2022-03-23 08:18:45 UTC
This seems to be a duplicate assignment for https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27666 (assigned by MITRE)

Comment 16 Salvatore Bonaccorso 2022-03-23 21:25:18 UTC
https://www.cve.org/CVERecord?id=CVE-2022-0886 has been rejected now. Can you as well remove the alias to CVE-2022-0886 to avoid confusions (and add CVE-2022-27666)?

Thank you!

Comment 17 Rohit Keshri 2022-03-24 08:15:17 UTC
In reply to comment #16:
> https://www.cve.org/CVERecord?id=CVE-2022-0886 has been rejected now. Can
> you as well remove the alias to CVE-2022-0886 to avoid confusions (and add
> CVE-2022-27666)?
> 
> Thank you!

Thanks carnil, modified.

Comment 18 Rohit Keshri 2022-03-24 08:19:18 UTC
*** Bug 2067299 has been marked as a duplicate of this bug. ***

Comment 30 errata-xmlrpc 2022-05-31 09:10:32 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:4809 https://access.redhat.com/errata/RHSA-2022:4809

Comment 31 errata-xmlrpc 2022-05-31 12:22:33 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:4829 https://access.redhat.com/errata/RHSA-2022:4829

Comment 32 errata-xmlrpc 2022-05-31 12:24:22 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:4835 https://access.redhat.com/errata/RHSA-2022:4835

Comment 34 errata-xmlrpc 2022-06-07 08:21:36 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2022:4924 https://access.redhat.com/errata/RHSA-2022:4924

Comment 35 errata-xmlrpc 2022-06-08 08:40:53 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2022:4942 https://access.redhat.com/errata/RHSA-2022:4942

Comment 36 errata-xmlrpc 2022-06-28 06:55:25 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:5214 https://access.redhat.com/errata/RHSA-2022:5214

Comment 37 errata-xmlrpc 2022-06-28 07:28:51 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:5219 https://access.redhat.com/errata/RHSA-2022:5219

Comment 38 errata-xmlrpc 2022-06-28 07:54:04 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2022:5224 https://access.redhat.com/errata/RHSA-2022:5224

Comment 39 errata-xmlrpc 2022-06-28 07:55:18 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2022:5220 https://access.redhat.com/errata/RHSA-2022:5220

Comment 40 errata-xmlrpc 2022-06-28 10:43:10 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:5267 https://access.redhat.com/errata/RHSA-2022:5267

Comment 41 errata-xmlrpc 2022-06-28 12:25:53 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:5344 https://access.redhat.com/errata/RHSA-2022:5344

Comment 42 errata-xmlrpc 2022-06-28 14:59:21 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:5249 https://access.redhat.com/errata/RHSA-2022:5249

Comment 43 errata-xmlrpc 2022-06-28 18:31:53 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:5316 https://access.redhat.com/errata/RHSA-2022:5316

Comment 44 errata-xmlrpc 2022-07-01 00:25:35 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2022:5476 https://access.redhat.com/errata/RHSA-2022:5476


Note You need to log in before you can comment on or make changes to this bug.