Linux secure networking security bug found and fixed

An obnoxious security bug discovered in Linux's IPSec secure networking program has now been fixed.

Nothing is quite as vexing as a security hole in a security program. Xiaochen Zou, a graduate student at the University of California, Riverside, went looking for bugs in Linux and found a whopper. This vulnerability, CVE-2022-27666, in IPSec's esp6 (Encapsulating Security Payload) crypto module can be abused for local privilege escalation.

The problem is your basic heap overflow hole. Xiaochen explained that "the basic logic of this vulnerability is that the receiving buffer of a user message in esp6 module is an 8-page buffer, but the sender can send a message larger than 8 pages, which clearly creates a buffer overflow." Yes, yes it will.
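The length check whose absence the quote describes, as an added user-space C model (not the kernel's code and not from the original article): a fixed 8-page receive buffer that refuses any message whose payload plus trailer would not fit, including lengths chosen to make the sum wrap around. The 4096-byte page size, the separate trailer argument, and the names rx_buf, rx_store and try_store are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MODEL_PAGE_SIZE 4096u   /* assumed page size for this model */
#define RX_BUF_PAGES    8u      /* the "8-page buffer" from the article */
#define RX_BUF_SIZE     (RX_BUF_PAGES * MODEL_PAGE_SIZE)

struct rx_buf {
    size_t used;
    unsigned char data[RX_BUF_SIZE];
};

/* Copy payload then trailer into rb. Returns 0 on success, -1 if they do not fit. */
int rx_store(struct rx_buf *rb, const unsigned char *payload, size_t payload_len,
             const unsigned char *trailer, size_t trailer_len)
{
    /* Bound each length on its own first, so the sum below cannot wrap. */
    if (payload_len > RX_BUF_SIZE || trailer_len > RX_BUF_SIZE)
        return -1;
    /* The check must cover everything written, not just the payload. */
    if (payload_len + trailer_len > RX_BUF_SIZE)
        return -1;
    memcpy(rb->data, payload, payload_len);
    memcpy(rb->data + payload_len, trailer, trailer_len);
    rb->used = payload_len + trailer_len;
    return 0;
}

/* Constructed driver: returns rx_store()'s verdict for the given lengths. */
int try_store(size_t payload_len, size_t trailer_len)
{
    static unsigned char src[RX_BUF_SIZE];  /* constructed sample bytes */
    struct rx_buf *rb = calloc(1, sizeof(*rb));
    int rc;
    if (!rb)
        return -2;
    rc = rx_store(rb, src, payload_len, src, trailer_len);
    free(rb);
    return rc;
}

int main(void)
{
    printf("exactly 8 pages: %d\n", try_store(RX_BUF_SIZE, 0));
    printf("8 pages + 1:     %d\n", try_store(RX_BUF_SIZE, 1));
    printf("wrapping sum:    %d\n", try_store(SIZE_MAX, 2));
    return 0;
}
```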
