TROYANOSYVIRUS
Volver a CVEs

CVE-2021-22600

MEDIUMCISA KEV
6.6

Descripcion

A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the effected versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755

Detalles CVE

Puntuacion CVSS v3.16.6
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:H
Vector de ataqueLOCAL
ComplejidadHIGH
Privilegios requeridosLOW
Interaccion usuarioREQUIRED
Publicado1/26/2022
Ultima modificacion10/24/2025
Fuentekev
Avistamientos honeypot0

CISA KEV

VendedorLinux
ProductoKernel
Nombre vulnerabilidadLinux Kernel Privilege Escalation Vulnerability
Fecha inclusion KEV2022-04-11
Fecha limite remediacion2022-05-02
Uso en ransomwareUnknown

Productos afectados

debian:debian_linuxlinux:linux_kernelnetapp:8300netapp:8300_firmwarenetapp:8700netapp:8700_firmwarenetapp:a400netapp:a400_firmwarenetapp:c400netapp:c400_firmwarenetapp:h300snetapp:h300s_firmwarenetapp:h410cnetapp:h410c_firmwarenetapp:h410snetapp:h410s_firmwarenetapp:h500snetapp:h500s_firmwarenetapp:h700snetapp:h700s_firmware

Debilidades (CWE)

CWE-415CWE-415

Referencias

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=ec6af094ea28f0f2dda1a6a33b14cd57e36a9755(cve-coordination@google.com)
https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html(cve-coordination@google.com)
https://security.netapp.com/advisory/ntap-20230110-0002/(cve-coordination@google.com)
https://www.debian.org/security/2022/dsa-5096(cve-coordination@google.com)
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=ec6af094ea28f0f2dda1a6a33b14cd57e36a9755(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html(af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20230110-0002/(af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2022/dsa-5096(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22600(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.