Unrated severityNVD Advisory· Published Mar 23, 2022· Updated Aug 3, 2024

CVE-2022-27666

Description

A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat.

Affected products

Linux kernel/IPsec ESP transformationdescription

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.debian.org/security/2022/dsa-5127mitrevendor-advisoryx_refsource_DEBIAN
www.debian.org/security/2022/dsa-5173mitrevendor-advisoryx_refsource_DEBIAN
bugzilla.redhat.com/show_bug.cgimitrex_refsource_MISC
github.com/torvalds/linux/commit/ebe48d368e97d007bfeb76fcb065d6cfc4c96645mitrex_refsource_MISC
security.netapp.com/advisory/ntap-20220429-0001/mitrex_refsource_CONFIRM

News mentions

Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions
The Hacker News · May 8, 2026

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000