CVE-2021-22600
Published: 26 January 2022
Summary
CVE-2021-22600 is a medium-severity Double Free (CWE-415) vulnerability in the Linux kernel. Its CVSS base score is 6.6 (Medium).
Operationally, it ranks at the 39.3 percentile by exploit likelihood (below the median); CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Deeper analysis
A double free vulnerability exists in the Linux kernel's packet socket implementation, specifically within the packet_set_ring() function in net/packet/af_packet.c. This flaw, tracked as CVE-2021-22600 and assigned CWE-415, allows improper memory handling during ring buffer operations and carries a CVSS score of 6.6.
A local user with low privileges can trigger the issue through crafted system calls. Successful exploitation may result in privilege escalation or a denial-of-service condition, though the attack requires specific conditions including user interaction and a hardened execution context.
Kernel developers addressed the bug in commit ec6af094ea28f0f2dda1a6a33b14cd57e36a9755. Security advisories from Debian and NetApp recommend upgrading to unaffected kernel versions or applying the referenced patch to mitigate the risk.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2021-9736
Vulnerability details
A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading the kernel past the affected versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755.
- CWE(s)
- KEV Date Added: 11 April 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly requires timely application of the kernel patch (ec6af094ea28f0f2dda1a6a33b14cd57e36a9755) or upgrade that eliminates the double-free flaw in packet_set_ring().
Mandates memory-protection mechanisms that would block or contain the double-free condition (CWE-415) during ring-buffer operations.
Requires disabling or restricting unneeded packet-socket/ring-buffer functionality that the local attacker must invoke via crafted syscalls.