#VU63766 Double Free in Linux kernel - CVE-2021-22600
Published: May 27, 2022 / Updated: September 19, 2025
Linux kernel
Linux Foundation
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in the packet_set_ring() function in net/packet/af_packet.c. A local user can pass specially crafted data to the application, trigger a double free error and escalate privileges on the system.
Note: the vulnerability is being actively exploited in the wild against Android users.