CVE-2021-22600

HIGH CISA KEV
Published Jan 26, 20224y ago · Modified Jun 17, 20262w ago
7.0 CVSS 3.1
High
Find Similar
Published Jan 26, 2022 4y ago
Last Modified Jun 17, 2026 2w ago
KEV Listed Apr 11, 2022 4y ago
KEV Due May 2, 2022 1526d overdue

Description

A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the effected versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755

CVSS Details

Base Score
7.0
Exploitability
1.0
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity High
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

CISA Known Exploited Overdue 1526d
Added
Apr 11, 2022
Due
May 2, 2022

Apply updates per vendor instructions.

Exploit & Patch Status
Actively Exploited (KEV)
Patch Available

Weaknesses 1

CWE-415

Affected Products 25

VendorProductVersionRange
netapp8300_firmware*any
netapp8300*any
netapp8700_firmware*any
netapp8700*any
netappa400_firmware*any
netappa400*any
netappc400_firmware*any
netappc400*any
linuxlinux_kernel*≥4.14.175  –  <4.14.259
linuxlinux_kernel*≥4.19.114  –  <4.19.222
linuxlinux_kernel*≥5.4.29  –  <5.4.168
linuxlinux_kernel*≥5.5.14  –  <5.10.88
linuxlinux_kernel*≥5.11  –  <5.15.11
debiandebian_linux9.0any
debiandebian_linux10.0any
netapph410c_firmware*any
netapph410c*any
netapph300s_firmware*any
netapph300s*any
netapph500s_firmware*any
netapph500s*any
netapph700s_firmware*any
netapph700s*any
netapph410s_firmware*any
netapph410s*any

References 5

  • git.kernel.org https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=ec6af094ea28f0f2dda1a6a33b14cd57e36a9755
    Mailing ListPatch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html
    Mailing ListThird Party Advisory
  • security.netapp.com https://security.netapp.com/advisory/ntap-20230110-0002/
    Third Party Advisory
  • cisa.gov https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22600
    US Government Resource
  • debian.org https://www.debian.org/security/2022/dsa-5096
    Third Party Advisory

Remediation

  • git.kernel.org https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=ec6af094ea28f0f2dda1a6a33b14cd57e36a9755
    Mailing ListPatch