Vulnerability Description
A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Netapp | C400 Firmware | - |
| Netapp | C400 | - |
| Netapp | C250 Firmware | - |
| Netapp | C250 | - |
| Netapp | H410C Firmware | - |
| Netapp | H410C | - |
| Netapp | H300S Firmware | - |
| Netapp | H300S | - |
| Netapp | H500S Firmware | - |
| Netapp | H500S | - |
| Netapp | H700S Firmware | - |
| Netapp | H700S | - |
| Netapp | H410S Firmware | - |
| Netapp | H410S | - |
| Linux | Linux Kernel | >= 2.6.19, < 4.4.267 |
| Brocade | Fabric Operating System | - |
| Netapp | Fas 8300 Firmware | - |
| Netapp | Fas 8300 | - |
| Netapp | Fas 8700 Firmware | - |
| Netapp | Fas 8700 | - |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/163528/Linux-Kernel-Netfilter-Heap-Out-Of-BThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/163878/Kernel-Live-Patch-Security-Notice-LSExploitThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/164155/Kernel-Live-Patch-Security-Notice-LSExploitThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/164437/Netfilter-x_tables-Heap-Out-Of-BoundExploitThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/165477/Kernel-Live-Patch-Security-Notice-LSExploitThird Party AdvisoryVDB Entry
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/neMailing ListPatchVendor Advisory
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/neMailing ListPatchVendor Advisory
- https://github.com/google/security-research/security/advisories/GHSA-xxx5-8mvq-3ExploitThird Party Advisory
- https://security.netapp.com/advisory/ntap-20210805-0010/Third Party Advisory
- http://packetstormsecurity.com/files/163528/Linux-Kernel-Netfilter-Heap-Out-Of-BThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/163878/Kernel-Live-Patch-Security-Notice-LSExploitThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/164155/Kernel-Live-Patch-Security-Notice-LSExploitThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/164437/Netfilter-x_tables-Heap-Out-Of-BoundExploitThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/165477/Kernel-Live-Patch-Security-Notice-LSExploitThird Party AdvisoryVDB Entry
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/neMailing ListPatchVendor Advisory
FAQ
What is CVE-2021-22555?
CVE-2021-22555 is a vulnerability with a CVSS score of 8.3 (HIGH). A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through ...
How severe is CVE-2021-22555?
CVE-2021-22555 has been rated HIGH with a CVSS base score of 8.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-22555?
Check the references section above for vendor advisories and patch information. Affected products include: Netapp C400 Firmware, Netapp C400, Netapp C250 Firmware, Netapp C250, Netapp H410C Firmware.