Double Free in Linux kernel - CVE-2021-22600

Published: May 27, 2022 / Updated: September 19, 2025


Vulnerability identifier: #VU63766
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber
CVE-ID: CVE-2021-22600
CWE-ID: CWE-415
Exploitation vector: Local access
Exploit availability: The vulnerability is being exploited in the wild
Vendor: Linux Foundation
Affected software:
Linux kernel

Detailed vulnerability description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a double free in the packet_set_ring() function in net/packet/af_packet.c, which implements the PACKET_RX_RING and PACKET_TX_RING socket options of AF_PACKET sockets. A local user can issue a crafted sequence of system calls against such a socket, trigger the double free and escalate privileges on the system. Creating an AF_PACKET socket requires CAP_NET_RAW in the socket's network namespace; on systems that permit unprivileged user namespaces, an otherwise unprivileged user can obtain that capability by entering a new user and network namespace, so the vulnerable code path is not limited to processes that already hold the capability.

Note: the vulnerability is being actively exploited in the wild against Android users.
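As an added check, not part of the original advisory, the following C program tests whether the vulnerable code path is reachable from the process running it: packet_set_ring() sits behind setsockopt(PACKET_RX_RING / PACKET_TX_RING) on an AF_PACKET socket, and creating that socket needs CAP_NET_RAW in the socket's network namespace, which a fresh user plus network namespace grants when unprivileged user namespaces are allowed. The program only attempts socket creation and reads the user.max_user_namespaces sysctl; it does not touch the ring setup path or trigger the bug. The return-code scheme of the functions is an assumption of this example.

```c
/* Reachability check for CVE-2021-22600 (added example, not advisory code).
 * packet_set_ring() is reached via setsockopt(PACKET_RX_RING / PACKET_TX_RING)
 * on an AF_PACKET socket. socket(AF_PACKET, ...) requires CAP_NET_RAW in the
 * socket's network namespace; an unprivileged user gets that capability by
 * entering a new user + network namespace where unprivileged user namespaces
 * are permitted. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fallback definitions so no _GNU_SOURCE feature macro is required. */
#ifndef CLONE_NEWUSER
#define CLONE_NEWUSER 0x10000000
#endif
#ifndef CLONE_NEWNET
#define CLONE_NEWNET 0x40000000
#endif

/* Try to create an AF_PACKET socket in the current namespaces.
 * Returns 1 on success, 0 on EPERM (no CAP_NET_RAW here) and -1 for any
 * other failure (for example AF_PACKET not compiled into the kernel). */
int packet_socket_here(void)
{
    int fd = socket(AF_PACKET, SOCK_RAW, 0);
    if (fd >= 0) {
        close(fd);
        return 1;
    }
    return errno == EPERM ? 0 : -1;
}

/* Fork a child, let it enter a new user + network namespace and retry the
 * socket call there. Returns 1 if the socket could be created that way,
 * 0 if the namespaces could not be created (unprivileged user namespaces
 * disabled, seccomp, etc.) or the socket still failed. Forking keeps the
 * caller's own namespaces untouched. */
int packet_socket_via_userns(void)
{
    pid_t pid = fork();
    if (pid < 0)
        return 0;
    if (pid == 0) {
        /* unshare(2) through syscall(2): same effect as unshare(). */
        if (syscall(SYS_unshare, CLONE_NEWUSER | CLONE_NEWNET) != 0)
            _exit(2);
        _exit(packet_socket_here() == 1 ? 0 : 1);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) != pid)
        return 0;
    return WIFEXITED(status) && WEXITSTATUS(status) == 0;
}

/* Read the sysctl that caps user namespace creation. A value of 0 means no
 * user namespaces can be created, which closes the unprivileged route to
 * CAP_NET_RAW. Returns -1 if the file cannot be read. */
long max_user_namespaces(void)
{
    FILE *f = fopen("/proc/sys/user/max_user_namespaces", "r");
    if (!f)
        return -1;
    long v = -1;
    if (fscanf(f, "%ld", &v) != 1)
        v = -1;
    fclose(f);
    return v;
}

/* Verdict (assumed scheme for this example):
 * 2 = reachable directly (this process already holds CAP_NET_RAW),
 * 1 = reachable only through a new user namespace,
 * 0 = AF_PACKET sockets cannot be created from this process. */
int packet_set_ring_reachable(void)
{
    if (packet_socket_here() == 1)
        return 2;
    return packet_socket_via_userns() ? 1 : 0;
}

int main(void)
{
    printf("user.max_user_namespaces = %ld\n", max_user_namespaces());
    switch (packet_set_ring_reachable()) {
    case 2: puts("AF_PACKET reachable directly (CAP_NET_RAW held)"); break;
    case 1: puts("AF_PACKET reachable via a new user namespace"); break;
    default: puts("AF_PACKET not reachable from this process"); break;
    }
    return 0;
}
```

Run it as the least privileged account that matters on the host (a service user, a container's default user, a CI runner). A verdict of 1 is the case to act on before the kernel is updated: the bug is reachable from an unprivileged process purely through user namespaces, and disabling those (see the mitigation section) removes that route. A verdict of 0 only says this particular process cannot open the socket; it says nothing about whether the kernel is patched.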


How to mitigate CVE-2021-22600

Install the kernel update from your distribution or vendor. The upstream fix is commit ec6af094ea28f0f2dda1a6a33b14cd57e36a9755 ("net/packet: rx_owner_map depends on pg_vec"), which has been backported to the maintained stable branches; check the running kernel version against your distribution's advisory for this CVE rather than against the upstream version alone. Until the update is applied, restricting unprivileged user namespaces (for example sysctl user.max_user_namespaces=0, or kernel.unprivileged_userns_clone=0 on distributions that provide that knob) removes the easiest way for an unprivileged process to obtain the CAP_NET_RAW needed to open an AF_PACKET socket. This is a reachability reduction, not a fix: processes that already hold CAP_NET_RAW can still reach the bug, and the sysctl change may break containers and sandboxes that rely on user namespaces.

Sources