A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the effected versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755
Published 2022-01-26 14:15:08
Updated 2023-06-26 18:59:36
Source Google Inc.
View at NVD,   CVE.org
Vulnerability category: Memory Corruption

CVE-2021-22600 is in the CISA Known Exploited Vulnerabilities Catalog

CISA vulnerability name:
Linux Kernel Privilege Escalation Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
Linux Kernel contains a flaw in the packet socket (AF_PACKET) implementation which could lead to incorrectly freeing memory. A local user could exploit this for denial-of-service (DoS) or possibly for privilege escalation.
Added on 2022-04-11 Action due date 2022-05-02

Exploit prediction scoring system (EPSS) score for CVE-2021-22600

Probability of exploitation activity in the next 30 days: 0.09%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 35 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2021-22600

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source
7.2
HIGH AV:L/AC:L/Au:N/C:C/I:C/A:C
3.9
10.0
NIST
6.6
MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:H
0.8
5.3
Google Inc.
7.0
HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1.0
5.9
NIST

CWE ids for CVE-2021-22600

  • The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.
    Assigned by:
    • cve-coordination@google.com (Secondary)
    • nvd@nist.gov (Primary)

References for CVE-2021-22600

Products affected by CVE-2021-22600

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!