Bugzilla – Bug 1197131
VUL-0: CVE-2022-27666: kernel: buffer overflow in IPsec ESP transformation code
Last modified: 2022-04-22 16:06:22 UTC
rh#2061633

Identified a buffer overflow vulnerability in IPsec ESP transformation code.

Upstream commit:
https://github.com/torvalds/linux/commit/ebe48d368e97d007bfeb76fcb065d6cfc4c96645

References:
https://bugzilla.redhat.com/show_bug.cgi?id=2061633
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0886
Given the recent mail from Marcus, with score 7.5 shouldn't this go to 15-SP4-GA kernel?
(In reply to Vlastimil Babka from comment #1)
> Given the recent mail from Marcus, with score 7.5 shouldn't this go to
> 15-SP4-GA kernel?

Michal resubmitted to GA, I merged.
*** Bug 1197462 has been marked as a duplicate of this bug. ***
Affected branches are:
cve/linux-5.3
cve/linux-4.12

Patch has been backported, re-assigning back to security team
done
I have a customer asking about this CVE vulnerability. Our public cve web page shows that SLES 12 SP5 and SLES 15 SP2 and SP3 are affected, but there is no mention there of when a fix for those versions might be available. Is there any estimate of when the fixes will be available for those versions?
(In reply to Sean Stanton from comment #8)
> I have a customer asking about this CVE vulnerability. Our public cve web
> page shows that SLES 12 SP5 and SLES 15 SP2 and SP3 are affected, but there
> is no mention there of when a fix for those versions might be available. Is
> there any estimate of when the fixes will be available for those versions?

The fix should be released on the next MU:
Release Target Date: 12 Apr 2022
(In reply to Denis Kirjanov from comment #9)
> (In reply to Sean Stanton from comment #8)
> > I have a customer asking about this CVE vulnerability. Our public cve web
> > page shows that SLES 12 SP5 and SLES 15 SP2 and SP3 are affected, but there
> > is no mention there of when a fix for those versions might be available. Is
> > there any estimate of when the fixes will be available for those versions?
>
> The fix should be released on the next MU:
> Release Target Date: 12 Apr 2022

Thanks. The customer is also asking if disabling user namespaces as per the recommended workaround by Red Hat at the link below is recommended/supported by us until the MU is available:

https://access.redhat.com/security/cve/CVE-2022-27666
(In reply to Sean Stanton from comment #10)
> (In reply to Denis Kirjanov from comment #9)
> > (In reply to Sean Stanton from comment #8)
> > > I have a customer asking about this CVE vulnerability. Our public cve web
> > > page shows that SLES 12 SP5 and SLES 15 SP2 and SP3 are affected, but there
> > > is no mention there of when a fix for those versions might be available. Is
> > > there any estimate of when the fixes will be available for those versions?
> >
> > The fix should be released on the next MU:
> > Release Target Date: 12 Apr 2022
>
> Thanks. The customer is also asking if disabling user namespaces as per the
> recommended workaround by Red Hat at the link below is recommended/supported
> by us until the MU is available:
>
> https://access.redhat.com/security/cve/CVE-2022-27666

The exploit found [0] uses unshare(CLONE_NEWNS|CLONE_NEWUSER); and FUSE to exploit the vulnerability.

[0] https://github.com/plummm/CVE-2022-27666/blob/main/poc.c
(In reply to Denis Kirjanov from comment #11)
> (In reply to Sean Stanton from comment #10)
> > (In reply to Denis Kirjanov from comment #9)
> > > (In reply to Sean Stanton from comment #8)
> > > > I have a customer asking about this CVE vulnerability. Our public cve web
> > > > page shows that SLES 12 SP5 and SLES 15 SP2 and SP3 are affected, but there
> > > > is no mention there of when a fix for those versions might be available. Is
> > > > there any estimate of when the fixes will be available for those versions?
> > >
> > > The fix should be released on the next MU:
> > > Release Target Date: 12 Apr 2022
> >
> > Thanks. The customer is also asking if disabling user namespaces as per the
> > recommended workaround by Red Hat at the link below is recommended/supported
> > by us until the MU is available:
> >
> > https://access.redhat.com/security/cve/CVE-2022-27666
>
> The exploit found [0] uses unshare(CLONE_NEWNS|CLONE_NEWUSER);
> and FUSE to exploit the vulnerability.
>
> [0] https://github.com/plummm/CVE-2022-27666/blob/main/poc.c

Sorry, I am not a developer. Is that a "yes" or a "no" to my question?
Yes, the disable user namespaces workaround will also work on SUSE.
(In reply to Marcus Meissner from comment #13)
> Yes, the disable user namespaces workaround will also work on SUSE.

Thank you.
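A way to confirm on a host that the user-namespace workaround discussed above is actually in effect until the maintenance update is installed. This is an added example, not part of the bug report or of SUSE's or Red Hat's tooling; it assumes the workaround is applied through the `user.max_user_namespaces` sysctl, and the function names and the simplified config-file ordering are this example's own.

```shell
#!/bin/sh
# Added example: check the user-namespace workaround for CVE-2022-27666.
# Assumption: the workaround sets the user.max_user_namespaces sysctl to 0.

# Runtime state as the kernel reports it (path overridable for testing).
userns_runtime_state() {
    f="${1:-/proc/sys/user/max_user_namespaces}"
    [ -r "$f" ] || { echo unknown; return 0; }
    v=$(tr -d '[:space:]' < "$f")
    case "$v" in
        ''|*[!0-9]*) echo unknown ;;
        0)           echo disabled ;;
        *)           echo enabled ;;
    esac
}

# Value that survives a reboot: the last assignment wins across the sysctl
# config files given, in the order given. Commented-out lines are ignored.
# Prints "unset" when no file sets the key.
userns_persisted_value() {
    val=unset
    for f in "$@"; do
        [ -r "$f" ] || continue
        found=$(sed -n 's/^[[:space:]]*user\.max_user_namespaces[[:space:]]*=[[:space:]]*\([0-9][0-9]*\)[[:space:]]*$/\1/p' "$f" | tail -n 1)
        if [ -n "$found" ]; then val=$found; fi
    done
    echo "$val"
}

# Live probe: can the current user create a user namespace right now?
# "blocked" can also result from other policy (seccomp, LSM), not only the sysctl.
userns_probe() {
    command -v unshare >/dev/null 2>&1 || { echo unknown; return 0; }
    if unshare -U true 2>/dev/null; then echo allowed; else echo blocked; fi
}

# Simplified ordering: drop-in files first, /etc/sysctl.conf last.
echo "runtime:   $(userns_runtime_state)"
echo "persisted: $(userns_persisted_value /etc/sysctl.d/*.conf /etc/sysctl.conf)"
echo "probe:     $(userns_probe)"
```

A host is covered by the workaround when the runtime state is `disabled` and the persisted value is `0`; a runtime `disabled` with a persisted `unset` means the setting will be lost at the next reboot.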
Mitre rejected CVE-2022-0886 and used CVE-2022-27666
SUSE-SU-2022:1255-1: An update that solves 20 vulnerabilities, contains one feature and has three fixes is now available.

Category: security (important)
Bug References: 1189562,1194943,1195051,1195353,1196018,1196114,1196468,1196488,1196514,1196639,1196761,1196830,1196836,1196942,1196973,1197131,1197227,1197331,1197366,1197391,1198031,1198032,1198033
CVE References: CVE-2021-39713,CVE-2021-45868,CVE-2022-0812,CVE-2022-0850,CVE-2022-0886,CVE-2022-1016,CVE-2022-1048,CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042,CVE-2022-26490,CVE-2022-26966,CVE-2022-28356,CVE-2022-28388,CVE-2022-28389,CVE-2022-28390
JIRA References: SLE-18234
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src): kernel-default-4.12.14-150000.150.89.1, kernel-docs-4.12.14-150000.150.89.1, kernel-obs-build-4.12.14-150000.150.89.1, kernel-source-4.12.14-150000.150.89.1, kernel-syms-4.12.14-150000.150.89.1, kernel-vanilla-4.12.14-150000.150.89.1
SUSE Linux Enterprise Server 15-LTSS (src): kernel-default-4.12.14-150000.150.89.1, kernel-docs-4.12.14-150000.150.89.1, kernel-obs-build-4.12.14-150000.150.89.1, kernel-source-4.12.14-150000.150.89.1, kernel-syms-4.12.14-150000.150.89.1, kernel-vanilla-4.12.14-150000.150.89.1, kernel-zfcpdump-4.12.14-150000.150.89.1
SUSE Linux Enterprise Module for Live Patching 15 (src): kernel-default-4.12.14-150000.150.89.1, kernel-livepatch-SLE15_Update_29-1-150000.1.3.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src): kernel-default-4.12.14-150000.150.89.1, kernel-docs-4.12.14-150000.150.89.1, kernel-obs-build-4.12.14-150000.150.89.1, kernel-source-4.12.14-150000.150.89.1, kernel-syms-4.12.14-150000.150.89.1, kernel-vanilla-4.12.14-150000.150.89.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): kernel-default-4.12.14-150000.150.89.1, kernel-docs-4.12.14-150000.150.89.1, kernel-obs-build-4.12.14-150000.150.89.1, kernel-source-4.12.14-150000.150.89.1, kernel-syms-4.12.14-150000.150.89.1, kernel-vanilla-4.12.14-150000.150.89.1
SUSE Linux Enterprise High Availability 15 (src): kernel-default-4.12.14-150000.150.89.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.