7.2
CVE-2021-22600
- EPSS 0.07%
- Veröffentlicht 26.01.2022 14:15:08
- Zuletzt bearbeitet 24.02.2025 15:41:32
- Quelle cve-coordination@google.com
- Teams Watchlist Login
- Unerledigt Login
A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the effected versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 4.14.175 < 4.14.259
Linux ≫ Linux Kernel Version >= 4.19.114 < 4.19.222
Linux ≫ Linux Kernel Version >= 5.4.29 < 5.4.168
Linux ≫ Linux Kernel Version >= 5.5.14 < 5.10.88
Linux ≫ Linux Kernel Version >= 5.11 < 5.15.11
Debian ≫ Debian Linux Version9.0
Debian ≫ Debian Linux Version10.0
Netapp ≫ H410c Firmware Version-
Netapp ≫ H300s Firmware Version-
Netapp ≫ H500s Firmware Version-
Netapp ≫ H700s Firmware Version-
Netapp ≫ H410s Firmware Version-
11.04.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog
Linux Kernel Privilege Escalation Vulnerability
SchwachstelleLinux Kernel contains a flaw in the packet socket (AF_PACKET) implementation which could lead to incorrectly freeing memory. A local user could exploit this for denial-of-service (DoS) or possibly for privilege escalation.
BeschreibungApply updates per vendor instructions.
Erforderliche Maßnahmen| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.07% | 0.228 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7 | 1 | 5.9 |
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.2 | 3.9 | 10 |
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
| cve-coordination@google.com | 6.6 | 0.8 | 5.3 |
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:H
|
CWE-415 Double Free
The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.