⚠ Actively exploited
Added to CISA KEV on 2022-04-11. Federal agencies required to patch by 2022-05-02. Required action: Apply updates per vendor instructions.
CVE-2021-22600
Severity
7.0 HIGH
EPSS
0.1%
top 70.38%
CISA KEV
Added 2022-04-11
Due 2022-05-02
Exploit
Exploited in wild
Active exploitation observed
Affected products
Timeline
Published: Jan 26
KEV added: Apr 11
Latest update: May 1
KEV due: May 2
Description
A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading the kernel past the affected versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755.
CVSS vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:H
Exploitability: 0.8 | Impact: 5.3
Affected Packages: 22 packages
Also affects: Debian Linux 10.0, 9.0
Patches
🔴 Vulnerability Details: 11
OSV (2022-02-22): linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-dell300x, linux-gcp, linux-gcp-4.15, linux-hwe, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities
OSV (2022-02-22): linux, linux-aws, linux-aws-5.13, linux-azure, linux-gcp, linux-kvm, linux-oracle, linux-oracle-5.13, linux-raspi vulnerabilities
OSV (2022-02-22): linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-azure-fde, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-ibm, linux-ibm-5.4 linux-oracle,