CVE-2021-22600 MEDIUM

CVE-2021-22600: Double Free in net/packet/af_packet.c leading to privilege escalation

Vendor Linux Kernel
Product Kernel
Weakness CWE-415
KEV Status Known Exploited
Published January 26, 2022
Last update October 21, 2025

CVSS base score

6.6/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:H

What the vulnerability does

01 Description

A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading the kernel past the affected versions or rebuilding past commit ec6af094ea28f0f2dda1a6a33b14cd57e36a9755.

CISA mandated remediation

02 CISA Required Action

Apply updates per vendor instructions.

Key dates

03 Disclosure timeline

January 26, 2022 CVE published
October 21, 2025 Record updated