CVE-2021-22555
Heap Out-Of-Bounds Write in Netfilter IP6T_SO_SET_REPLACE
In short
A flaw in Linux's network filtering system allows attackers to write data beyond the bounds of allocated memory, potentially gaining unauthorized access or crashing the system. This vulnerability affects the kernel's ability to safely handle network rule configurations.
Technical detail
A heap out-of-bounds write in net/netfilter/x_tables.c (CWE-787) enables privilege escalation or denial of service through heap memory corruption. The vulnerability is triggered via the IP6T_SO_SET_REPLACE socket option in user namespace context, affecting Linux kernels from v2.6.19-rc1 onwards.
Summary generated and translated by AI from the official description.
A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected products
n/a · Linux Kernel
Public PoCs found — 18
github · github.com/veritas501/CVE-2021-22555-PipeVersion · ★ 40
github · github.com/xyjl-ly/CVE-2021-22555-Exploit · ★ 14
github · github.com/cgwalters/container-cve-2021-22555 · ★ 4
github · github.com/tukru/CVE-2021-22555 · ★ 3
github · github.com/masjohncook/netsec-project · ★ 1
github · github.com/JoneyJunior/cve-2021-22555 · ★ 1
github · github.com/Spydomain/CVE-2021-22555-Poc · ★ 1
github · github.com/daletoniris/CVE-2021-22555-esc-priv · ★ 1
github · github.com/letsr00t/CVE-2021-22555 · ★ 0
github · github.com/pashayogi/CVE-2021-22555 · ★ 0
github · github.com/glutton-su/CVE-2021-22555 · ★ 0
github · github.com/letsr00t/-2021-LOCALROOT-CVE-2021-22555 · ★ 0
exploitdb · www.exploit-db.com/exploits/50135 · unverified
cve_reference · packetstormsecurity.com/files/163878/Kernel-Live-Patch-Security-Notice-LSN-0080-1.html · unverified
cve_reference · packetstormsecurity.com/files/163528/Linux-Kernel-Netfilter-Heap-Out-Of-Bounds-Write.html · unverified
cve_reference · packetstormsecurity.com/files/165477/Kernel-Live-Patch-Security-Notice-LSN-0083-1.html · unverified
cve_reference · packetstormsecurity.com/files/164437/Netfilter-x_tables-Heap-Out-Of-Bounds-Write-Privilege-Escalation.html · unverified
cve_reference · packetstormsecurity.com/files/164155/Kernel-Live-Patch-Security-Notice-LSN-0081-1.html · unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://packetstormsecurity.com/files/163528/Linux-Kernel-Netfilter-Heap-Out-Of-Bounds-Write.html
http://packetstormsecurity.com/files/163878/Kernel-Live-Patch-Security-Notice-LSN-0080-1.html
http://packetstormsecurity.com/files/164155/Kernel-Live-Patch-Security-Notice-LSN-0081-1.html
http://packetstormsecurity.com/files/164437/Netfilter-x_tables-Heap-Out-Of-Bounds-Write-Privilege-Escalation.html
http://packetstormsecurity.com/files/165477/Kernel-Live-Patch-Security-Notice-LSN-0083-1.html
https://github.com/google/security-research/security/advisories/GHSA-xxx5-8mvq-3528
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/netfilter/x_tables.c?id=9fa492cdc160cd27ce1046cb36f47d3b2b1efa21
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/netfilter/x_tables.c?id=b29c457a6511435960115c0f548c4360d5f4801d
https://security.netapp.com/advisory/ntap-20210805-0010/
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22555