CVE-2021-22600

ENISA EUVD: EUVD-2021-9736 ↗
Exploited in the Wild ✓ Confirmed 0-Day ★ Google Project Zero
Triaged: March 5, 2026 2 articles Published: 2022-01-26
VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ Advisory ↗ P0 Sheet ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23
0.18%
probability
This CVE has a 0.18% probability of being exploited in the next 30 days.
0% Top 39.1th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)
6.6
MEDIUM
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
High
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:H

CVSS v2 (legacy)

7.2
HIGH
Access Vector
Local
Access Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
AV:L/AC:L/Au:N/C:C/I:C/A:C

Description

VulnerabilityLookup (CNA)
A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the effected versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755

Affected Products

Linux Kernel
Kernel
unspecified unspecified unspecified unspecified

Attack Intelligence

Google Project Zero

Patched
March 7, 2022
Reported by
???
Root Cause Analysis
???

Exploits & PoC

sendINUX/CVE-2021-22600__DirtyPagetable
1 2025-08-29
Chinmay1743/af_packet.c

Proof-Of-Concept to check privileges of af_packet.c for validating the privileges acquired by any hacker upon successful exploitation of CVE-2021-2260

1 2025-09-17
2 repos — triés par ⭐ Rechercher sur GitHub ↗

Signal Intelligence

Confidence
95%
EPSS 0.18%
CVSS v3.1 6.6
Mentions 2
Last Seen Feb 15, 2022

CNA Information

CNA Assigner
Google
CNA Title
Double Free in net/packet/af_packet.c leading to priviledge escalation

Analyst Note

Auto-imported from Google Project Zero — confirmed zero-day by definition.

Triage Info

Decided atMar 05, 2026
Published DateJan 26, 2022