GoogleCVELIST:CVE-2021-22600CVE-2021-22600 Double Free in net/packet/af_packet.c leading to priviledge escalation
6.6 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:H
7.3 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
29.7%
A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the effected versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755
CNA Affected
[
{
"vendor": "Linux Kernel",
"product": "Kernel",
"versions": [
{
"version": "unspecified",
"lessThan": "5.4.168",
"status": "affected",
"versionType": "custom"
},
{
"version": "unspecified",
"lessThan": "5.10.88",
"status": "affected",
"versionType": "custom"
},
{
"version": "unspecified",
"lessThan": "5.15.11",
"status": "affected",
"versionType": "custom"
},
{
"version": "unspecified",
"lessThan": "5.16-rc6",
"status": "affected",
"versionType": "custom"
}
]
}
]Related
6.6 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:H
7.3 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
29.7%