CVE-2021-22600

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2021-22600
A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the effected versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755

6.6 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 5.3

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact HIGH

Scope CHANGED

7.2 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=ec6af094ea28f0f2dda1a6a33b14cd57e36a9755 Mailing List Patch
https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html Mailing List Third Party Advisory
https://security.netapp.com/advisory/ntap-20230110-0002/ Third Party Advisory
https://www.debian.org/security/2022/dsa-5096 Third Party Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=ec6af094ea28f0f2dda1a6a33b14cd57e36a9755 Mailing List Patch
https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html Mailing List Third Party Advisory
https://security.netapp.com/advisory/ntap-20230110-0002/ Third Party Advisory
https://www.debian.org/security/2022/dsa-5096 Third Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22600 US Government Resource
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:netapp:8300_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:8300:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:netapp:8700_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:8700:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:netapp:a400_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:a400:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:netapp:c400_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:c400:-:*:*:*:*:*:*:*

Configuration 5 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 6 (hide)

OR cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*
History

24 Oct 2025, 13:54

Type Values Removed Values Added
First Time Netapp 8300 Firmware
Netapp a400
Netapp 8700
Netapp 8700 Firmware
Netapp 8300
Netapp c400
Netapp a400 Firmware
Netapp c400 Firmware
CPE cpe:2.3:o:netapp:8300_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:8300:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:a400_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:c400_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:8700:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:c400:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:a400:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:8700_firmware:-:*:*:*:*:*:*:*
References () https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22600 - () https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22600 - US Government Resource

22 Oct 2025, 00:17

Type Values Removed Values Added
References
  • () https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22600 -

21 Oct 2025, 20:18

Type Values Removed Values Added
References
  • {'url': 'https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22600', 'source': '134c704f-9b21-4f2e-91b3-4a467353bcc0'}

21 Oct 2025, 19:18

Type Values Removed Values Added
References
  • () https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22600 -
Information

Published : 2022-01-26 14:15

Updated : 2025-10-24 13:54

NVD link : CVE-2021-22600

Mitre link : CVE-2021-22600

CVE.ORG link : CVE-2021-22600

JSON object : View

Products Affected

netapp

  • h410s_firmware
  • h300s
  • h500s
  • c400_firmware
  • 8700
  • h700s
  • 8300
  • h410c
  • h300s_firmware
  • h700s_firmware
  • h410s
  • a400_firmware
  • 8700_firmware
  • h500s_firmware
  • h410c_firmware
  • a400
  • c400
  • 8300_firmware

linux

  • linux_kernel

debian

  • debian_linux
CWE
CWE-415

Double Free