Bug 2130513 - kernel: Out of bounds write in skb_page_frag_refill function (incomplete fix for CVE-2022-27666)
Keywords:
Status: CLOSED DUPLICATE of bug 2061633
Alias: None
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2062110 2062111 2062112 2062114 2062115 2062118 2062119 2062121 2062122 2062123 2062124 2062192 2066924 2082950 2082951 2082952 2082953 2087136 2087138 2131080 2131548 2131549 2131550 2131551 2131552 2131553 2131554 2131555 2131556 2131557 2131558 2131559 2131560 2131561 2131562 2131563 2131564 2131565 2131566 2131567 2131568 2131569 2131570 2131571
Blocks: 2130514
Reported: 2022-09-28 12:34 UTC by Pedro Sampaio
Modified: 2022-10-04 14:50 UTC

Fixed In Version: Linux kernel 5.18-rc4
Clone Of:
Environment:
Last Closed: 2022-10-03 16:27:25 UTC
Embargoed:



Description Pedro Sampaio 2022-09-28 12:34:08 UTC
A remote code execution vulnerability has been discovered in the Linux Kernel which could affect the latest versions. This allows an attacker to execute arbitrary code as root. This vulnerability is a result of incorrect remediation of CVE-2022-27666.

References:

https://lore.kernel.org/all/20220711090538.769097008@linuxfoundation.org/

Comment 10 Alex 2022-10-02 14:53:09 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2131571]

Comment 13 Alex 2022-10-03 16:27:25 UTC

*** This bug has been marked as a duplicate of bug 2061633 ***

Comment 14 Justin M. Forbes 2022-10-04 14:50:13 UTC
This was fixed for Fedora with the 5.17.5 stable kernel update.

