TROYANOSYVIRUS
Zuruck zu CVEs

CVE-2021-22600

MEDIUMCISA KEV
6.6

Beschreibung

A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the effected versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755

CVE Details

CVSS v3.1 Bewertung6.6
SchweregradMEDIUM
CVSS VektorCVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:H
AngriffsvektorLOCAL
KomplexitatHIGH
Erforderliche PrivilegienLOW
BenutzerinteraktionREQUIRED
Veroffentlicht1/26/2022
Zuletzt geandert10/24/2025
Quellekev
Honeypot-Sichtungen0

CISA KEV

HerstellerLinux
ProduktKernel
SchwachstellennameLinux Kernel Privilege Escalation Vulnerability
KEV Aufnahmedatum2022-04-11
Behebungsfrist2022-05-02
Ransomware-NutzungUnknown

Betroffene Produkte

debian:debian_linuxlinux:linux_kernelnetapp:8300netapp:8300_firmwarenetapp:8700netapp:8700_firmwarenetapp:a400netapp:a400_firmwarenetapp:c400netapp:c400_firmwarenetapp:h300snetapp:h300s_firmwarenetapp:h410cnetapp:h410c_firmwarenetapp:h410snetapp:h410s_firmwarenetapp:h500snetapp:h500s_firmwarenetapp:h700snetapp:h700s_firmware

Schwachen (CWE)

CWE-415CWE-415

Referenzen

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=ec6af094ea28f0f2dda1a6a33b14cd57e36a9755(cve-coordination@google.com)
https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html(cve-coordination@google.com)
https://security.netapp.com/advisory/ntap-20230110-0002/(cve-coordination@google.com)
https://www.debian.org/security/2022/dsa-5096(cve-coordination@google.com)
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=ec6af094ea28f0f2dda1a6a33b14cd57e36a9755(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html(af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20230110-0002/(af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2022/dsa-5096(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22600(134c704f-9b21-4f2e-91b3-4a467353bcc0)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.