CVE-2022-27666: 
Linux Kernel vulnerability analysis and mitigation

A heap buffer overflow vulnerability (CVE-2022-27666) was discovered in the IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c files of the Linux kernel. The vulnerability was discovered and disclosed on March 23, 2022, affecting Linux Kernel versions through 5.17:rc7. This security flaw allows a local attacker with normal user privileges to potentially overwrite kernel heap objects (CVE, NVD).

The vulnerability stems from improper memory allocation during ESP (Encapsulating Security Payload) transformations in the IPsec implementation. The maximum message size that can be sent is larger than the maximum size that skbpagefragrefill can allocate, potentially leading to writing beyond the allocated buffer. The issue was fixed in Linux kernel 5.17 rc8 through a patch that implements a fallback to COW (Copy-On-Write) when the allocation size exceeds ESPSKBFRAGMAXSIZE (Github Commit). The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NetApp Advisory).

The successful exploitation of this vulnerability could lead to local privilege escalation, allowing attackers to gain elevated system privileges. Additionally, it could result in denial of service conditions or the disclosure of sensitive information from the kernel memory (Debian Advisory).

The vulnerability has been patched in Linux kernel version 5.17 rc8. Various Linux distributions have released security updates to address this issue. For example, Debian has fixed this in version 5.10.113-1 for the stable distribution (bullseye), and version 4.19.249-2 for the oldstable distribution (buster) (Debian Advisory, Debian Advisory).