CVSS Score v3.1
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.0088
75.8th percentile
Risk Priority
16
60% EPSS · 20% KEV · 20% CVSS
Summary
CVE-2022-27666 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Linux Linux Kernel . Its CVSS base score is 7.8 (High).
Operationally, ranked in the top 24.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Vulnerability
Related Threats
Affected Assets
Mitigating Controls
Vulnerability details
A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat.
CWE(s)
Related Threats
Threat-Actor AttributionAI
Russian Military Cyber Actors Target US and Global Critical Infrastructure | CISA
Affected Assets
linux
linux kernel
5.17 · ≤ 5.17
fedoraproject
fedora
34, 35
redhat
virtualization
4.0
redhat
enterprise linux
8.0
netapp
h300s firmware
all versions
netapp
h500s firmware
all versions
netapp
h700s firmware
all versions
netapp
h300e firmware
all versions
netapp
h500e firmware
all versions
netapp
h700e firmware
all versions
+3 more product configuration(s) — see NVD for full list
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Out-of-bounds writes that corrupt control flow or inject shellcode are rendered non-executable by the same memory protections.
References
Issue Tracking, Patch, Third Party Advisory · cve@mitre.org
Patch, Third Party Advisory · cve@mitre.org
Third Party Advisory · cve@mitre.org
Third Party Advisory · cve@mitre.org
Third Party Advisory · cve@mitre.org
Issue Tracking, Patch, Third Party Advisory · af854a3a-2127-422b-91ae-364da2661108
Patch, Third Party Advisory · af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory · af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory · af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory · af854a3a-2127-422b-91ae-364da2661108