CVE-2021-22600

Summary

A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the effected versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755

Affected Software

VendorProductVersion RangeStatus
Linux KernelKernelunspecified < 5.4.168affected
Linux KernelKernelunspecified < 5.10.88affected
Linux KernelKernelunspecified < 5.15.11affected
Linux KernelKernelunspecified < 5.16-rc6affected

Weaknesses

  • CWE-415: CWE-415 Double Free

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: no
    • Technical Impact: partial

Additional References

References