IRONSMITHINTEL
MEDIUM | CVSS 6.6 | Actively Exploited | CISA KEV | CVE-2021-22600 | Auth: low (authenticated user) | Reboot: required | Manual only

Linux Kernel Privilege Escalation Vulnerability (CVE-2021-22600)

Linux Kernel contains a flaw in the packet socket (AF_PACKET) implementation which could lead to incorrectly freeing memory. A local user could exploit this for denial-of-service (DoS) or possibly for privilege escalation.

Published Jan 26, 2022 · Updated May 17, 2026
Why patch: Risk explained in plain English
Worst-case scenario: If unpatched

A local attacker, with a low-privilege account, can achieve full data confidentiality loss, partial data tampering, complete denial of service or system unavailability. Federal agencies are required to remediate by 2022-05-02 under CISA BOD 22-01.

How the attack works: No clicks needed

This is a CWE-415 software vulnerability in the Linux kernel. A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading the kernel past the affected versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755. Exploitation requires local access, higher attack complexity, a low-privilege authenticated account, and user interaction.

Am I affected? Quick check

Probably yes if any of these apply:

IT Security
Running any of:
linux kernel: 4.14.175 ≤ v < 4.14.259, 4.19.114 ≤ v < 4.19.222, 5.4.29 ≤ v < 5.4.168, 5.5.14 ≤ v < 5.10.88, 5.11 ≤ v < 5.15.11
debian linux: 9.0, 10.0
8300 firmware: -
8700 firmware: -
a400 firmware: -
c400 firmware: -
h410c firmware: -
h300s firmware: -
h500s firmware: -
h700s firmware: -
h410s firmware: -
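
One way to triage an inventory against the Linux kernel ranges listed above. This is an added example, not code from this page or from any vendor; the host names, the sample releases and the function names are constructed for illustration. Releases with a vendor suffix are flagged for a check against the distribution's advisory instead of being compared numerically.

```python
import re

# Upstream ranges from this page: (first affected, first fixed), end-exclusive.
AFFECTED_RANGES = [
    ((4, 14, 175), (4, 14, 259)),
    ((4, 19, 114), (4, 19, 222)),
    ((5, 4, 29), (5, 4, 168)),
    ((5, 5, 14), (5, 10, 88)),
    ((5, 11, 0), (5, 15, 11)),
]
_RELEASE_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(.*)$")


def parse_release(release):
    """Split a `uname -r` string into ((major, minor, patch), suffix)."""
    m = _RELEASE_RE.match(release.strip())
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    major, minor, patch, suffix = m.groups()
    return (int(major), int(minor), int(patch or 0)), suffix


def assess(release):
    """Classify one kernel release string against the page's ranges."""
    version, suffix = parse_release(release)
    if suffix:
        # Vendor builds ("-18-amd64", "-generic") may carry backported fixes,
        # and the number may not track the upstream stable patch level, so a
        # numeric comparison proves nothing either way.
        return "verify-with-vendor"
    in_range = any(lo <= version < hi for lo, hi in AFFECTED_RANGES)
    return "in-affected-range" if in_range else "outside-affected-range"


def triage(inventory):
    """Map host -> verdict for a {host: kernel_release} inventory."""
    return {host: assess(rel) for host, rel in inventory.items()}


# Constructed sample inventory (hypothetical hosts and release strings).
SAMPLE_INVENTORY = {
    "build-01": "5.10.87",
    "web-02": "5.15.11",
    "db-03": "4.19.0-18-amd64",
    "edge-04": "5.4.28",
    "lab-05": "5.13.0-27-generic",
}

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_INVENTORY).items():
        print(f"{host:10} {SAMPLE_INVENTORY[host]:20} {verdict}")
```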
Real-world incidents: What we've seen

CISA added this CVE to the Known Exploited Vulnerabilities catalog on 2022-04-11 based on evidence of active exploitation in the wild. Federal agencies required to remediate by 2022-05-02.

How to patch

Manual remediation steps

1. Identify affected hosts: query inventory for general installs in scope.
2. Apply the vendor security update referenced in CVE-2021-22600's advisory. No specific KB/version is encoded yet; consult the linked MSRC/vendor URL.
3. Verify the fix per the vendor's published verification steps.
4. Document the remediation in your change ticket and re-scan with your vulnerability scanner to confirm closure.
PowerShell automation: Coming soon

No tested PowerShell script for this entry yet. We’re prioritising automation based on user demand.