QwikSec

Security Database

CVE

CWE

Training

CVE-2021-22600

Published: Jan 26, 2022

Modified: Oct 21, 2025

PUBLISHED

CVSS v3.1

6.6

MEDIUM

Description

A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the effected versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755

Vendor	Product	Versions
Linux Kernel	Kernel	affected `unspecified - < 5.4.168` affected `unspecified - < 5.10.88` affected `unspecified - < 5.15.11` affected `unspecified - < 5.16-rc6`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:H

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

High

References

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=ec6af094ea28f0f2dda1a6a33b14cd57e36a9755

[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update

mailing-list

vendor-advisory

https://security.netapp.com/advisory/ntap-20230110-0002/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.