Lucene search

K
cvelistGoogleCVELIST:CVE-2021-22600
HistoryJan 26, 2022 - 12:00 a.m.

CVE-2021-22600 Double Free in net/packet/af_packet.c leading to priviledge escalation

2022-01-2600:00:00
CWE-415
Google
www.cve.org
3

CVSS3

6.6

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:H

AI Score

7.3

Confidence

High

EPSS

0.001

Percentile

29.5%

A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the effected versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755

CNA Affected

[
  {
    "vendor": "Linux Kernel",
    "product": "Kernel",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "5.4.168",
        "status": "affected",
        "versionType": "custom"
      },
      {
        "version": "unspecified",
        "lessThan": "5.10.88",
        "status": "affected",
        "versionType": "custom"
      },
      {
        "version": "unspecified",
        "lessThan": "5.15.11",
        "status": "affected",
        "versionType": "custom"
      },
      {
        "version": "unspecified",
        "lessThan": "5.16-rc6",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

CVSS3

6.6

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:H

AI Score

7.3

Confidence

High

EPSS

0.001

Percentile

29.5%