CVE-2021-22600

moderate-risk

Published 2022-01-26

A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the effected versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755

Do I need to act?

0.11% chance of exploitation

EPSS score — low exploit probability

CISA KEV: actively exploited in the wild

On the Known Exploited Vulnerabilities catalog — federal agencies must patch

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.6/10 Medium

LOCAL / HIGH complexity

Affected Products (12)

8300 Firmware

8700 Firmware

A400 Firmware

C400 Firmware

Linux Kernel

Debian Linux

H410C Firmware

H300S Firmware

H500S Firmware

H700S Firmware

H410S Firmware

Affected Vendors

Debian Linux Netapp

References (9)

Mailing List https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=ec6...

Mailing List https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html

Third Party Advisory https://security.netapp.com/advisory/ntap-20230110-0002/

Third Party Advisory https://www.debian.org/security/2022/dsa-5096

Mailing List https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=ec6...

Mailing List https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html

Third Party Advisory https://security.netapp.com/advisory/ntap-20230110-0002/

Third Party Advisory https://www.debian.org/security/2022/dsa-5096

US Government Resource https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-...

/ 100

moderate-risk

Severity 17/34 · Moderate

Exploitability 7/34 · Low

Exposure 17/34 · Moderate