← Back

CVE-2021-22600

nvd nist
Published: Jan 26, 2022Modified: Oct 24, 2025CISA KEV

JSON object

Loading...
7.0
Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.0 / Impact: 5.9
Source: NVD

Description

A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the effected versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755

Affected (16)

Netapp
9 products
8300 Firmware
8700 Firmware
A400 Firmware
C400 Firmware
H410c Firmware
H300s Firmware
H500s Firmware
H700s Firmware
H410s Firmware
Linux
1 product
Linux Kernel
Debian
1 product
Debian Linux
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
8300 Firmware
All versions
Running on/withPlatform Versions
Netapp
8300
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
8700 Firmware
All versions
Running on/withPlatform Versions
Netapp
8700
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
A400 Firmware
All versions
Running on/withPlatform Versions
Netapp
A400
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
C400 Firmware
All versions
Running on/withPlatform Versions
Netapp
C400
All versions
Configuration E
5 vulnerable
Vulnerable SoftwareAffected Versions
Linux
Linux Kernel
From 4.14.175 to 4.14.259
Linux Kernel
From 4.19.114 to 4.19.222
Linux Kernel
From 5.11 to 5.15.11
Linux Kernel
From 5.4.29 to 5.4.168
Linux Kernel
From 5.5.14 to 5.10.88
Configuration F
2 vulnerable
Vulnerable SoftwareAffected Versions
Debian
Debian Linux
Version 10.0
Debian Linux
Version 9.0
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
H410c Firmware
All versions
Running on/withPlatform Versions
Netapp
H410c
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
H300s Firmware
All versions
Running on/withPlatform Versions
Netapp
H300s
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
H500s Firmware
All versions
Running on/withPlatform Versions
Netapp
H500s
All versions
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
H700s Firmware
All versions
Running on/withPlatform Versions
Netapp
H700s
All versions
Configuration K
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
H410s Firmware
All versions
Running on/withPlatform Versions
Netapp
H410s
All versions

Related CWEs

CWE-415
Double Free
The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

References (9)

Source: cve-coordination@google.com
Mailing ListPatch
Source: cve-coordination@google.com
Mailing ListThird Party Advisory
Source: cve-coordination@google.com
Third Party Advisory
Source: cve-coordination@google.com
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListPatch
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
US Government Resource

Timeline

No history available yet.