CVE-2021-22600
MEDIUM | CISA KEV | 6.6
Description
A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading the kernel past the affected versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755.
CVE Details
CVSS v3.1 score: 6.6
Severity: MEDIUM
CVSS vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:H
Attack vector: LOCAL
Complexity: HIGH
Privileges required: LOW
User interaction: REQUIRED
Published: 1/26/2022
Last modified: 10/24/2025
Source: kev
Honeypot observations: 0
CISA KEV
Vendor: Linux
Product: Kernel
Vulnerability name: Linux Kernel Privilege Escalation Vulnerability
Date added to KEV: 2022-04-11
Remediation due date: 2022-05-02
Used in ransomware: Unknown
Affected products
debian:debian_linux
linux:linux_kernel
netapp:8300
netapp:8300_firmware
netapp:8700
netapp:8700_firmware
netapp:a400
netapp:a400_firmware
netapp:c400
netapp:c400_firmware
netapp:h300s
netapp:h300s_firmware
netapp:h410c
netapp:h410c_firmware
netapp:h410s
netapp:h410s_firmware
netapp:h500s
netapp:h500s_firmware
netapp:h700s
netapp:h700s_firmware
Weaknesses (CWE)
CWE-415
References
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=ec6af094ea28f0f2dda1a6a33b14cd57e36a9755 (cve-coordination@google.com)
https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html (cve-coordination@google.com)
https://security.netapp.com/advisory/ntap-20230110-0002/ (cve-coordination@google.com)
https://www.debian.org/security/2022/dsa-5096 (cve-coordination@google.com)
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=ec6af094ea28f0f2dda1a6a33b14cd57e36a9755 (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20230110-0002/ (af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2022/dsa-5096 (af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22600 (134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.