Vulnerability Details : CVE-2021-22555

A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space

Vulnerability category: Memory CorruptionDenial of service

Published 2021-07-07 12:15:08

Updated 2022-03-31 19:15:33

Source Google Inc.

View at NVD, CVE.org

At least one public exploit which can be used to exploit this vulnerability exists!

Exploit prediction scoring system (EPSS) score for CVE-2021-22555

Probability of exploitation activity in the next 30 days: 0.26%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 62 % EPSS Score History EPSS FAQ

Metasploit modules for CVE-2021-22555

Netfilter x_tables Heap OOB Write Privilege Escalation

Disclosure Date : 2021-07-07

exploit/linux/local/netfilter_xtables_heap_oob_write_priv_esc

A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space. Kernels up to 5.11 (including) are vulnerable. More information about vulnerable kernels is available at https://nvd.nist.gov/vuln/detail/CVE-2021-22555#vulnConfigurationsArea Authors: - Andy Nguyen (theflow <Andy Nguyen (theflow@)> - Szymon Janusz - bcoles <[email protected]>

More information

CVSS scores for CVE-2021-22555

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
4.6	MEDIUM	AV:L/AC:L/Au:N/C:P/I:P/A:P	3.9	6.4	[email protected]
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
8.3	HIGH	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H	1.6	6.0	[email protected]
Attack Vector: Adjacent Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Changed Confidentiality: High Integrity: High Availability: High
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	[email protected]
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2021-22555

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.
Assigned by:
- [email protected] (Secondary)
- [email protected] (Primary)

References for CVE-2021-22555

http://packetstormsecurity.com/files/163878/Kernel-Live-Patch-Security-Notice-LSN-0080-1.html

Exploit;Third Party Advisory;VDB Entry
http://packetstormsecurity.com/files/165477/Kernel-Live-Patch-Security-Notice-LSN-0083-1.html

Exploit;Third Party Advisory;VDB Entry

CVEs referencing this url
https://github.com/google/security-research/security/advisories/GHSA-xxx5-8mvq-3528

Exploit;Third Party Advisory
http://packetstormsecurity.com/files/164155/Kernel-Live-Patch-Security-Notice-LSN-0081-1.html

Exploit;Third Party Advisory;VDB Entry

CVEs referencing this url
http://packetstormsecurity.com/files/164437/Netfilter-x_tables-Heap-Out-Of-Bounds-Write-Privilege-Escalation.html

Exploit;Third Party Advisory;VDB Entry
http://packetstormsecurity.com/files/163528/Linux-Kernel-Netfilter-Heap-Out-Of-Bounds-Write.html

Third Party Advisory;VDB Entry
https://security.netapp.com/advisory/ntap-20210805-0010/

Third Party Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/netfilter/x_tables.c?id=b29c457a6511435960115c0f548c4360d5f4801d

Mailing List;Patch;Vendor Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/netfilter/x_tables.c?id=9fa492cdc160cd27ce1046cb36f47d3b2b1efa21

Mailing List;Patch;Vendor Advisory

Products affected by CVE-2021-22555

Linux » Linux Kernel
Versions from including (>=) 2.6.19 and before (<) 4.4.267
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 5.5 and before (<) 5.10.31
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 4.10 and before (<) 4.14.231
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 4.20 and before (<) 5.4.113
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 4.5 and before (<) 4.9.267
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 5.11 and before (<) 5.12
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 4.15 and before (<) 4.19.188
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Brocade » Fabric Operating System » Version: N/A
cpe:2.3:o:brocade:fabric_operating_system:-:*:*:*:*:*:*:*
Matching versions
Netapp » Hci Management Node » Version: N/A
cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
Matching versions
Netapp » Solidfire » Version: N/A
cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
Matching versions
Netapp » Aff A400 Firmware » Version: N/A
cpe:2.3:o:netapp:aff_a400_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » Aff A400 » Version: N/A
Netapp » H610s Firmware » Version: N/A
cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » H610s » Version: N/A
Netapp » Aff A250 Firmware » Version: N/A
cpe:2.3:o:netapp:aff_a250_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » Aff A250 » Version: N/A
Netapp » Fas 8300 Firmware » Version: N/A
cpe:2.3:o:netapp:fas_8300_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » Fas 8300 » Version: N/A
Netapp » Fas 8700 Firmware » Version: N/A
cpe:2.3:o:netapp:fas_8700_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » Fas 8700 » Version: N/A
Netapp » Aff 500f Firmware » Version: N/A
cpe:2.3:o:netapp:aff_500f_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » Aff 500f » Version: N/A
Netapp » H610c Firmware » Version: N/A
cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » H610c » Version: N/A
Netapp » H615c Firmware » Version: N/A
cpe:2.3:o:netapp:h615c_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » H615c » Version: N/A