CVE-2021-22555

HIGH · CISA KEV
CVSS 3.1: 7.8 (High)
Published Jul 7, 2021 (4y ago)
Last Modified Jun 17, 2026 (2w ago)
KEV Listed Oct 6, 2025 (9mo ago)
KEV Due Oct 27, 2025 (251d overdue)

Description

A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user namespaces.

CVSS Details

Base Score: 7.8
Exploitability: 1.8
Impact: 5.9
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Threat Intelligence

CISA Known Exploited (overdue 251d)
Added: Oct 6, 2025
Due: Oct 27, 2025

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Exploit & Patch Status
Actively Exploited (KEV)
Patch Available

Weaknesses 1

CWE-787: Out-of-bounds Write (Memory Safety)

Affected Products 42

Vendor | Product | Version | Range
netapp | c400_firmware | * | any
netapp | c400 | * | any
netapp | c250_firmware | * | any
netapp | c250 | * | any
netapp | h410c_firmware | * | any
netapp | h410c | * | any
netapp | h300s_firmware | * | any
netapp | h300s | * | any
netapp | h500s_firmware | * | any
netapp | h500s | * | any
netapp | h700s_firmware | * | any
netapp | h700s | * | any
netapp | h410s_firmware | * | any
netapp | h410s | * | any
linux | linux_kernel | * | ≥2.6.19 – <4.4.267
linux | linux_kernel | * | ≥4.5 – <4.9.267
linux | linux_kernel | * | ≥4.10 – <4.14.231
linux | linux_kernel | * | ≥4.15 – <4.19.188
linux | linux_kernel | * | ≥4.20 – <5.4.113
linux | linux_kernel | * | ≥5.5 – <5.10.31
linux | linux_kernel | * | ≥5.11 – <5.12
brocade | fabric_operating_system | * | any
netapp | fas_8300_firmware | * | any
netapp | fas_8300 | * | any
netapp | fas_8700_firmware | * | any
netapp | fas_8700 | * | any
netapp | aff_a400_firmware | * | any
netapp | aff_a400 | * | any
netapp | aff_a250_firmware | * | any
netapp | aff_a250 | * | any
netapp | aff_500f_firmware | * | any
netapp | aff_500f | * | any
netapp | h610c_firmware | * | any
netapp | h610c | * | any
netapp | h610s_firmware | * | any
netapp | h610s | * | any
netapp | h615c_firmware | * | any
netapp | h615c | * | any
netapp | cloud_backup | * | any
netapp | hci_management_node | * | any
netapp | solidfire | * | any
netapp | solidfire_baseboard_management_controller | * | any

References 10

  • packetstormsecurity.com http://packetstormsecurity.com/files/163528/Linux-Kernel-Netfilter-Heap-Out-Of-Bounds-Write.html
    Third Party Advisory, VDB Entry
  • packetstormsecurity.com http://packetstormsecurity.com/files/163878/Kernel-Live-Patch-Security-Notice-LSN-0080-1.html
    Exploit, Third Party Advisory, VDB Entry
  • packetstormsecurity.com http://packetstormsecurity.com/files/164155/Kernel-Live-Patch-Security-Notice-LSN-0081-1.html
    Exploit, Third Party Advisory, VDB Entry
  • packetstormsecurity.com http://packetstormsecurity.com/files/164437/Netfilter-x_tables-Heap-Out-Of-Bounds-Write-Privilege-Escalation.html
    Exploit, Third Party Advisory, VDB Entry
  • packetstormsecurity.com http://packetstormsecurity.com/files/165477/Kernel-Live-Patch-Security-Notice-LSN-0083-1.html
    Exploit, Third Party Advisory, VDB Entry
  • git.kernel.org https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/netfilter/x_tables.c?id=9fa492cdc160cd27ce1046cb36f47d3b2b1efa21
    Mailing List, Patch, Vendor Advisory
  • git.kernel.org https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/netfilter/x_tables.c?id=b29c457a6511435960115c0f548c4360d5f4801d
    Mailing List, Patch, Vendor Advisory
  • github.com https://github.com/google/security-research/security/advisories/GHSA-xxx5-8mvq-3528
    Exploit, Third Party Advisory
  • security.netapp.com https://security.netapp.com/advisory/ntap-20210805-0010/
    Third Party Advisory
  • cisa.gov https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22555
    US Government Resource

Remediation

  • git.kernel.org https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/netfilter/x_tables.c?id=9fa492cdc160cd27ce1046cb36f47d3b2b1efa21
    Mailing List, Patch, Vendor Advisory
  • git.kernel.org https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/netfilter/x_tables.c?id=b29c457a6511435960115c0f548c4360d5f4801d
    Mailing List, Patch, Vendor Advisory