K53648360: Linux kernel vulnerability CVE-2022-27666

Security Advisory Description A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat...

kernel: buffer overflow in IPsec ESP transformation code

A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat...

Oracle Linux 8 : kernel (ELSA-2022-5316)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-5316 advisory. - debug: lockdown kgdb Orabug: 34270802 CVE-2022-21499 - esp: limit skbpagefragrefill use to a single page Sabrina Dubroca 2062114 CVE-2022-27666 - esp...

Important: Red Hat Security Advisory: kpatch-patch security update

An update is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Important: Red Hat Security Advisory: kpatch-patch security update

An update for kpatch-patch is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

kernel: buffer overflow in IPsec ESP transformation code

A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat...

Important: Red Hat Security Advisory: kpatch-patch security update

An update for kpatch-patch is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

ALSA-2022:5344 Important: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: buffer overflow in IPsec ESP transformation code CVE-2022-27666 kernel: out-of-bounds read in fbcongetfont function CVE-2020-28915...

EulerOS 2.0 SP10 : kernel (EulerOS-SA-2022-1791)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows ...

kernel: buffer overflow in IPsec ESP transformation code

A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat...

RHEL 8 : kernel-rt (RHSA-2022:4835)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:4835 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirement...

Important: kernel

Issue Overview: A buffer overflow flaw was found in the Linux kernel's NFC protocol functionality. This flaw allows a local user to crash or escalate their privileges on the system. CVE-2022-26490 A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and...

SUSE SLES15 Security Update : kernel (Live Patch 1 for SLE 15 SP3) (SUSE-SU-2022:1246-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1246-1 advisory. - In aiopollcompletework of aio.c, there is a possible memory corruption due to a use after free. This could lead to local escalati...

SUSE SLES15 Security Update : kernel (Live Patch 14 for SLE 15 SP3) (SUSE-SU-2022:1224-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1224-1 advisory. - In aiopollcompletework of aio.c, there is a possible memory corruption due to a use after free. This could lead to local escalati...

CVE-2022-0886

Removed by vendor...

CVE-2022-27666

A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat...

CVE-2022-27666

CVE-2022-27666 describes a heap buffer overflow in IPsec ESP transformation code (net/ipv4/esp4.c and net/ipv6/esp6.c) that can allow a local user to overwrite kernel heap objects and may lead to local privilege escalation. Connected advisories confirm kernel patches are available (e.g., AlmaLinu...