Back to KEVs

CVE-2021-22600

Double Free in net/packet/af_packet.c leading to priviledge escalation

Basic Information

CVE State
PUBLISHED
Reserved Date
January 05, 2021
Published Date
January 26, 2022
Last Updated
January 29, 2025
Vendor
Linux Kernel
Product
Kernel
Description
A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the effected versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755

CVSS Scores

CVSS v3.1

6.6 - MEDIUM

Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:H

SSVC Information

Exploitation
active
Technical Impact
partial

Exploit Status

Exploited in the Wild
Yes (added 2022-04-11 00:00:00 UTC) Source

References

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=ec6af094ea28f0f2dda1a6a33b14cd57e36a9755 https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html https://www.debian.org/security/2022/dsa-5096 https://security.netapp.com/advisory/ntap-20230110-0002/

Known Exploited Vulnerability Information

Source Added Date
CISA 2022-04-11 00:00:00 UTC