Red Hat has released a patch for a recently discovered vulnerability that allowed for local privilege escalation, putting all manner of Linux systems potentially at risk.
As explained in the advisory, the vulnerability, tracked as CVE-2022-27666, was discovered in IPSec’s Encapsulating Security Payload (esp6) crypto module or, in other words, a basic heap overflow vulnerability.
The flaw was discovered by one Xiaochen Zou - a graduate student at the University of California, Riverside. He explained how "the basic logic of this vulnerability is that the receiving buffer of a user message in esp6 module is an 8-page buffer, but the sender can send a message larger than 8 pages, which clearly creates a buffer overflow."
We're looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn't take more than 60 seconds of your time. Thank you for taking part.
Crashing the system
In Red Hat’s advisory, the flaw was described as allowing a threat actor with normal user privilege to overwrite kernel heap objects, which may cause local privilege escalation.
The vulnerability was given a severity score of 7.8.
Red Hat has also warned admins that on Linux systems already using IPsec and having IPSec Security Associations (SA) configured, a threat actor would need no additional privileges to exploit the vulnerability.
However, these are essential for the network security protocol, ZDNet claims, meaning “pretty much everyone with the vulnerable code” in their Linux distro is a potential target.
According to Xiaochen, the newest Ubuntu, Fedora, and Debian Linux distros are all vulnerable, as well as Red Hat Enterprise Linux (RHEL) 8. This flaw can bring a Linux system offline, it was said.
The same patch also addresses CVE-2022-1055, a use-after-free vulnerability that was found in the network traffic control implementation, which can also crash a vulnerable system. It can also be used to gain elevated privileges, and was described as “high priority” for patching.
Given that the two vulnerabilities allow for privilege escalation and could be used for denial of service attacks, administrators are urged to patch up their endpoints as soon as possible.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.