← Voltar para CVEs
CVE-2021-22600
MEDIUMCISA KEV6.6
Descricao
A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the effected versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755
Detalhes CVE
Pontuacao CVSS v3.16.6
SeveridadeMEDIUM
Vetor CVSSCVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:H
Vetor de ataqueLOCAL
ComplexidadeHIGH
Privilegios necessariosLOW
Interacao do usuarioREQUIRED
Publicado1/26/2022
Ultima modificacao10/24/2025
Fontekev
Avistamentos honeypot0
CISA KEV
FornecedorLinux
ProdutoKernel
Nome da vulnerabilidadeLinux Kernel Privilege Escalation Vulnerability
Data inclusao KEV2022-04-11
Prazo de remediacao2022-05-02
Uso em ransomwareUnknown
Produtos afetados
debian:debian_linuxlinux:linux_kernelnetapp:8300netapp:8300_firmwarenetapp:8700netapp:8700_firmwarenetapp:a400netapp:a400_firmwarenetapp:c400netapp:c400_firmwarenetapp:h300snetapp:h300s_firmwarenetapp:h410cnetapp:h410c_firmwarenetapp:h410snetapp:h410s_firmwarenetapp:h500snetapp:h500s_firmwarenetapp:h700snetapp:h700s_firmware
Fraquezas (CWE)
CWE-415CWE-415
Referencias
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=ec6af094ea28f0f2dda1a6a33b14cd57e36a9755(cve-coordination@google.com)
https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html(cve-coordination@google.com)
https://security.netapp.com/advisory/ntap-20230110-0002/(cve-coordination@google.com)
https://www.debian.org/security/2022/dsa-5096(cve-coordination@google.com)
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=ec6af094ea28f0f2dda1a6a33b14cd57e36a9755(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html(af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20230110-0002/(af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2022/dsa-5096(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22600(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.