Cyber Resilience

CVE-2021-22600

MediumCISA KEVActive ExploitationEUVD Exploited

Published: 26 January 2022

Published
26 January 2022
Modified
24 October 2025
KEV Added
11 April 2022
Patch
CVSS Score v3.1 6.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:H
EPSS Score 0.0018 39.3th percentile
Risk Priority 33 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2021-22600 is a medium-severity Double Free (CWE-415) vulnerability in Linux Linux Kernel. Its CVSS base score is 6.6 (Medium).

Operationally, ranked at the 39.3th percentile by exploit likelihood (below the median); CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

A double free vulnerability exists in the Linux kernel's packet socket implementation, specifically within the packet_set_ring() function in net/packet/af_packet.c. This flaw, tracked as CVE-2021-22600 and assigned CWE-415, allows improper memory handling during ring buffer operations and carries a CVSS score of 6.6.

A local user with low privileges can trigger the issue through crafted system calls. Successful exploitation may result in privilege escalation or a denial-of-service condition, though the attack requires specific conditions including user interaction and a hardened execution context.

Kernel developers addressed the bug in commit ec6af094ea28f0f2dda1a6a33b14cd57e36a9755. Security advisories from Debian and NetApp recommend upgrading to unaffected kernel versions or applying the referenced patch to mitigate the risk.

EU & UK References

Vulnerability details

A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the effected versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755

CWE(s)
KEV Date Added
11 April 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

netapp
8300 firmware
all versions
netapp
8700 firmware
all versions
netapp
a400 firmware
all versions
netapp
c400 firmware
all versions
linux
linux kernel
4.14.175 — 4.14.259 · 4.19.114 — 4.19.222 · 5.4.29 — 5.4.168
debian
debian linux
10.0, 9.0
netapp
h410c firmware
all versions
netapp
h300s firmware
all versions
netapp
h500s firmware
all versions
netapp
h700s firmware
all versions
+1 more product configuration(s) — see NVD for full list

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires timely application of the kernel patch (ec6af094ea28f0f2dda1a6a33b14cd57e36a9755) or upgrade that eliminates the double-free flaw in packet_set_ring().

prevent

Mandates memory-protection mechanisms that would block or contain the double-free condition (CWE-415) during ring-buffer operations.

prevent

Requires disabling or restricting unneeded packet-socket/ring-buffer functionality that the local attacker must invoke via crafted syscalls.

References