CVE-2021-22600

Advisory lineage Upstream: 0 Downstream: 20

Downstream

DEBIAN-CVE-2021-22600 DLA-2941-1 DSA-5096-1 OPENSUSE-SU-2022:0363-1 OPENSUSE-SU-2022:0370-1 SUSE-SU-2022:0363-1

Analyzed

Published: 26 Jan 2022, 00:00

Last modified:21 Oct 2025, 23:15

Vulnerability Summary

Overall Risk (default)

medium

29/100

CVSS Score

7.2 HIGH

v2.0 (nvd)

EPSS Score

0.18% LOW

0% probability +0.03%

KEV

Listed

CISA

1 listing

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

26 Jan 2022, 00:00

Published

Vulnerability first disclosed

11 Apr 2022, 00:00

Added to CISA KEV

Linux Kernel Privilege Escalation Vulnerability

02 May 2022, 00:00

CISA Remediation Due

Apply updates per vendor instructions.

21 Oct 2025, 23:15

Last Modified

Vulnerability information updated

Description

A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the effected versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755

CVSS Metrics

v3.1•MEDIUM•Score: 6.6CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:H
v3.1•HIGH•Score: 7CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
v2.0•HIGH•Score: 7.2AV:L/AC:L/Au:N/C:C/I:C/A:C

EPSS Trends

Current EPSS score: 0.18%• Percentile: 39%

Techniques & Countermeasures

CWE-415•Double Free
The product calls free() twice on the same memory address.

Affected Systems

debian•debian_linux
9.0 | 10.0
linux kernel•kernel
≥ unspecified, < 5.4.168 | ≥ unspecified, < 5.10.88 | ≥ unspecified, < 5.15.11 | ≥ unspecified, < 5.16-rc6
linux•linux_kernel
≥ 4.14.175, < 4.14.259 | ≥ 4.19.114, < 4.19.222 | ≥ 5.4.29, < 5.4.168 | ≥ 5.5.14, < 5.10.88 | ≥ 5.11, < 5.15.11
netapp•8300_firmware
na
netapp•8700_firmware
na
netapp•a400_firmware
na
netapp•c400_firmware
na
netapp•h300s_firmware
na
netapp•h410c_firmware
na
netapp•h410s_firmware
na
netapp•h500s_firmware
na
netapp•h700s_firmware
na