CVE-2021-22600
Double Free in net/packet/af_packet.c leading to priviledge escalation
In short
A double free vulnerability in Linux kernel's packet socket code allows a local user to crash the system or gain administrator privileges by sending specially crafted system calls.
Technical detail
Double free bug in packet_set_ring() function (net/packet/af_packet.c) exploitable via local syscalls without requiring elevated privileges; enables privilege escalation or denial of service through memory corruption; fixed in kernel commit ec6af094ea28f0f2dda1a6a33b14cd57e36a9755.
Summary generated and translated by AI from the official description.
A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the effected versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:H
Affected products
Linux Kernel · Kernelpublic PoCs found — 2
githubgithub.com/sendINUX/CVE-2021-22600__DirtyPagetable★ 1githubgithub.com/Chinmay1743/af_packet.c★ 1⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=ec6af094ea28f0f2dda1a6a33b14cd57e36a9755https://lists.debian.org/debian-lts-announce/2022/03/msg00012.htmlhttps://security.netapp.com/advisory/ntap-20230110-0002/https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22600https://www.debian.org/security/2022/dsa-5096